Home / Kong Gateway Operator / Konnect / Konnect CRDs: Cloud Gateways
Edit
Report

Create a Cloud Gateway Network

Uses: Kong Gateway Operator
Related Documentation
All Operator Documentation
Incompatible with
on-prem
Tags
#konnect-crd
Related Resources
Dedicated Cloud Gateways
TL;DR

Use the KonnectCloudGatewayNetwork resource to provision a network and monitor provisioning status in Konnect.

Prerequisites

Kong Konnect

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.

  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'

Kong Gateway Operator running

  1. Add the Kong Helm charts:

    helm repo add kong https://charts.konghq.com
helm repo update

  2. Create a kong namespace:

    kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -

  3. Install Kong Ingress Controller using Helm:

    helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace  \
  --set image.tag=1.5 \
  --set kubernetes-configuration-crds.enabled=true \
  --set env.ENABLE_CONTROLLER_KONNECT=true

Create a KonnectAPIAuthConfiguration resource

 
kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: konnect-api-auth
  namespace: kong
spec:
  type: token
  token: "'$KONNECT_TOKEN'"
  serverURL: us.api.konghq.com
' | kubectl apply -f -

Create a KonnectGatewayControlPlane resource

 
echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: gateway-control-plane
  namespace: kong
spec:
  name: gateway-control-plane
  konnect:
    authRef:
      name: konnect-api-auth
' | kubectl apply -f -

Provider Account ID

In order to mange Cloud Gateway Networks you need to have a Cloud Gateway Provider Account associated with your Konnect account. You can obtain the ID to your provider account using the Cloud Gateways API.

curl -s -H 'Content-Type: application/json' -H "Authorization: Bearer $KONNECT_TOKEN" -XGET https://global.api.konghq.com/v2/cloud-gateways/provider-accounts | jq

Export the value of your desired ID:

export CLOUD_GATEWAY_PROVIDER_ID='YOUR PROVIDER ID'

Create a KonnectCloudGatewayNetwork

Use the KonnectCloudGatewayNetwork resource to provision a Dedicated Cloud Gateway Network in your selected region and availability zones.

echo '
kind: KonnectCloudGatewayNetwork
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: konnect-network-1
  namespace: kong
spec:
  name: network1
  cloud_gateway_provider_account_id: "'$CLOUD_GATEWAY_PROVIDER_ID'"
  availability_zones:
  - euw1-az1
  - euw1-az2
  - euw1-az3
  cidr_block: 192.168.0.0/16
  region: eu-west-1
  konnect:
    authRef:
      name: konnect-api-auth
' | kubectl apply -f -

Validation

Check that Programmed is True on the konnect-network-1 resource:

You can verify the KonnectCloudGatewayNetwork was reconciled successfully by checking its Programmed condition.

kubectl get -n kong konnectcloudgatewaynetwork konnect-network-1 \
  -o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq

The output should look similar to this:

{
  "observedGeneration": 1,
  "reason": "Programmed",
  "status": "True",
  "type": "Programmed"
}
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support