Create a Control Plane
Create a KonnectGatewayControlPlane
object and add Konnect authentication.
Prerequisites
Kong Konnect
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
- The following Konnect items are required to complete this tutorial:
- Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
-
Set the personal access token as an environment variable:
export KONNECT_TOKEN='YOUR KONNECT TOKEN'
Copied!
Kong Gateway Operator running
-
Add the Kong Helm charts:
helm repo add kong https://charts.konghq.com helm repo update
Copied! -
Install Kong Gateway Operator using Helm:
helm upgrade --install kong-operator kong/kong-operator -n kong-system \ --create-namespace \ --set image.tag=2.0.2 \ --set env.ENABLE_CONTROLLER_KONNECT=true
Copied!
If you want cert-manager to issue and rotate the admission and conversion webhook certificates, install cert-manager to your cluster and enable cert-manager integration by passing the following argument while installing:
--set global.webhooks.options.certManager.enabled=true
If you do not enable this, the chart will generate and inject self-signed certificates automatically. We recommend enabling cert-manager to manage the lifecycle of these certificates.
Create a KonnectAPIAuthConfiguration resource
kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
name: konnect-api-auth
namespace: kong
spec:
type: token
token: "'$KONNECT_TOKEN'"
serverURL: us.api.konghq.com
' | kubectl apply -f -
Create a KonnectGatewayControlPlane
Create a KonnectGatewayControlPlane
object and add the Konnect authentication resource we created in the prerequisites.
echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha2
metadata:
name: gateway-control-plane
namespace: kong
spec:
createControlPlaneRequest:
name: gateway-control-plane
konnect:
authRef:
name: konnect-api-auth
' | kubectl apply -f -
Validation
Check that Programmed
is True
on the gateway-control-plane
resource:
You can verify the KonnectGatewayControlPlane
was reconciled successfully by checking its Programmed
condition.
kubectl get -n kong konnectgatewaycontrolplane gateway-control-plane \
-o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq
The output should look similar to this:
{
"observedGeneration": 1,
"reason": "Programmed",
"status": "True",
"type": "Programmed"
}