Home / Kong Gateway Operator / Konnect / Konnect CRDs: Control Planes
Edit
Report

Reference an existing Control Plane

Uses: Kong Gateway Operator
Related Documentation
All Operator Documentation
Incompatible with
on-prem
Tags
#konnect-crd
TL;DR

Using Kong Gateway Operator, create a KonnectGatewayControlPlane object with spec.source: Mirror and add Konnect authentication.

Prerequisites

Kong Konnect

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.

  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'

Kong Gateway Operator running

  1. Add the Kong Helm charts:

    helm repo add kong https://charts.konghq.com
helm repo update

  2. Create a kong namespace:

    kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -

  3. Install Kong Ingress Controller using Helm:

    helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace  \
  --set image.tag=1.6.1 \
  --set kubernetes-configuration-crds.enabled=true \
  --set env.ENABLE_CONTROLLER_KONNECT=true

Kong Gateway Operator running

  1. Add the Kong Helm charts:

    helm repo add kong https://charts.konghq.com
helm repo update

  2. Create a kong namespace:

    kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -

  3. Install Kong Ingress Controller using Helm:

    helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace  \
  --set image.tag=1.6.1 \
  --set kubernetes-configuration-crds.enabled=true \
  --set env.ENABLE_CONTROLLER_KONNECT=true

Create a KonnectAPIAuthConfiguration resource

 
kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: konnect-api-auth
  namespace: kong
spec:
  type: token
  token: "'$KONNECT_TOKEN'"
  serverURL: us.api.konghq.com
' | kubectl apply -f -

Set the Konnect Control Plane ID

Set the KONNECT_CONTROL_PLANE_ID variable to the ID of the control plane that you want to reference:

export KONNECT_CONTROL_PLANE_ID='YOUR CONTROL PLANE ID'

Create a KonnectGatewayControlPlane

Create a KonnectGatewayControlPlane object and add the Konnect authentication resource we created in the prerequisites.

echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: gateway-control-plane
  namespace: kong
spec:
  source: Mirror
  mirror:
    konnect:
      id: "'$KONNECT_CONTROL_PLANE_ID'"
  konnect:
    authRef:
      name: konnect-api-auth
' | kubectl apply -f -

Validation

Check that Programmed is True on the gateway-control-plane resource:

You can verify the KonnectGatewayControlPlane was reconciled successfully by checking its Programmed condition.

kubectl get -n kong konnectgatewaycontrolplane gateway-control-plane \
  -o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq

The output should look similar to this:

{
  "observedGeneration": 1,
  "reason": "Programmed",
  "status": "True",
  "type": "Programmed"
}

Now you can reference the gateway-control-plane resource from other CRDs as though it was created by Kong Gateway Operator.

Next Steps

Create a Gateway Service
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support