Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: acme
config:
account_email: ${{ env "DECK_EMAIL" }}
account_key:
key_id: ${{ env "DECK_KEY_ID" }}
key_set: ${{ env "DECK_KEY_SET" }}
domains:
- ${{ env "DECK_DOMAIN" }}
tos_accepted: true
storage: consul
storage_config:
consul:
host: ${{ env "DECK_CONSUL_HOST" }}
port: 8600
kv_path: acme
token: nil
timeout: 2000
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "acme",
"config": {
"account_email": "'$EMAIL'",
"account_key": {
"key_id": "'$KEY_ID'",
"key_set": "'$KEY_SET'"
},
"domains": [
"'$DOMAIN'"
],
"tos_accepted": true,
"storage": "consul",
"storage_config": {
"consul": {
"host": "'$CONSUL_HOST'",
"port": 8600,
"kv_path": "acme",
"token": "nil",
"timeout": 2000
}
}
}
}
'
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "acme",
"config": {
"account_email": "'$EMAIL'",
"account_key": {
"key_id": "'$KEY_ID'",
"key_set": "'$KEY_SET'"
},
"domains": [
"'$DOMAIN'"
],
"tos_accepted": true,
"storage": "consul",
"storage_config": {
"consul": {
"host": "'$CONSUL_HOST'",
"port": 8600,
"kv_path": "acme",
"token": "nil",
"timeout": 2000
}
}
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates.
-
controlPlaneId: The id of the control plane.
-
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: acme
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
account_email: '$EMAIL'
account_key:
key_id: '$KEY_ID'
key_set: '$KEY_SET'
domains:
- '$DOMAIN'
tos_accepted: true
storage: consul
storage_config:
consul:
host: '$CONSUL_HOST'
port: 8600
kv_path: acme
token: nil
timeout: 2000
plugin: acme
" | kubectl apply -f -
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_acme" "my_acme" {
enabled = true
config = {
account_email = var.email
account_key = {
key_id = var.key_id
key_set = var.key_set
}
domains = [var.domain]
tos_accepted = true
storage = "consul"
storage_config = {
consul = {
host = var.consul_host
port = 8600
kv_path = "acme"
token = "nil"
timeout = 2000
}
}
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "consul_host" {
type = string
}
