Create a control plane
Uses:
Kong Operator
TL;DR
Create a KonnectGatewayControlPlane object and add Konnect authentication.
Prerequisites
Kong Konnect
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
- The following Konnect items are required to complete this tutorial:
- Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
-
Set the personal access token as an environment variable:
export KONNECT_TOKEN='YOUR KONNECT TOKEN'Copied!
Create a KonnectAPIAuthConfiguration resource
kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
name: konnect-api-auth
namespace: kong
spec:
type: token
token: "'$KONNECT_TOKEN'"
serverURL: us.api.konghq.com
' | kubectl apply -f -
Copied!
Create a KonnectGatewayControlPlane
Create a KonnectGatewayControlPlane object and add the Konnect authentication resource we created in the prerequisites.
echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha2
metadata:
name: gateway-control-plane
namespace: kong
spec:
createControlPlaneRequest:
name: gateway-control-plane
konnect:
authRef:
name: konnect-api-auth
' | kubectl apply -f -
Copied!
Make sure that the
KonnectGatewayControlPlaneresource is in the same namespace as theKonnectAPIAuthConfigurationresource.
Validate
You can verify the KonnectGatewayControlPlane was reconciled successfully by checking its Programmed condition.
kubectl get -n kong konnectgatewaycontrolplane gateway-control-plane \
-o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq
Copied!
The output should look similar to this:
{
"observedGeneration": 1,
"reason": "Programmed",
"status": "True",
"type": "Programmed"
}
Copied!