From 4414a142d6e11cfa48b4c8fc5ca878657194bef4 Mon Sep 17 00:00:00 2001 From: Michael Heap Date: Fri, 7 Jun 2024 11:40:00 +0100 Subject: [PATCH 1/4] Add KIC in Konnect with KGO example --- .../get-started/kic/create-gateway.md | 148 ++++++++++++++++-- .../get-started/kic/install.md | 4 + 2 files changed, 142 insertions(+), 10 deletions(-) diff --git a/app/_src/gateway-operator/get-started/kic/create-gateway.md b/app/_src/gateway-operator/get-started/kic/create-gateway.md index 4bd98b22bafe..da23ad2febe8 100644 --- a/app/_src/gateway-operator/get-started/kic/create-gateway.md +++ b/app/_src/gateway-operator/get-started/kic/create-gateway.md @@ -1,5 +1,5 @@ --- -title: Create a GatewayClass +title: Create a Gateway content-type: tutorial book: kgo-kic-get-started chapter: 2 
@@ -17,11 +17,127 @@ chapter: 2 > in order to get your `Gateway` up and running. {% endif_version %} -To use the Gateway API resources to configure your routes, you need to create a `GatewayClass` instance and create a `Gateway` resource that listens on the ports that you need. +Creating `GatewayClass` and `Gateway` resources in Kubernetes causes {{ site.kgo_product_name }} to create a {{ site.kic_product_name }} and {{ site.base_gateway }} deployment. + +## GatewayConfiguration + +You can customize your {{ site.kic_product_name }} and {{ site.base_gateway }} deployments using the `GatewayConfiguration` CRD. This allows you to control the image being used, and set any environment variables required. +{%- if_version gte:1.2.x %} + If you are creating a KIC in Konnect deployment, you need to customize the deployment to contain your control plane ID and authentication certificate +{%- endif_version %} + +{% navtabs gc %} +{% if_version gte:1.2.x %} +{% navtab Konnect %} + +To get the endpoint and the authentication details of the data plane. +1. [Log in to {{ site.konnect_short_name }}](https://cloud.konghq.com/login). +1. Navigate to {% konnect_icon runtimes %} [**Gateway Manager**](https://cloud.konghq.com/us/gateway-manager) and create a new `Kong Ingress Controller` Control Plane +1. Provide a name for your new Control Plane +1. Click **Generate Script** in the "Connect to KIC" section. +1. Click **Generate Certificate** in step 3. +1. Save the contents of **Cluster Certificate** in a file named `tls.crt`. Save the contents of **Cluster Key** in a file named `tls.key`. +1. Create a Kubernetes secret containing the cluster certificate: + + ```bash + kubectl create secret tls konnect-client-tls --cert=/{PATH_TO_FILE}/tls.crt --key=/{PATH_TO_FILE}/tls.key + ``` +1. In the **Configuration parameters** step 4, find the value of `runtimeGroupID`. Replace `YOUR_CP_ID` with the control plane ID in the following manifest. +1. 
In the **Configuration parameters** step 4, find the value of `cluster_telemetry_endpoint`. The first segment of that value is the control plane endpoint for your cluster. For example, if the value of `cluster_telemetry_endpoint` is `36fc5d01be.us.cp0.konghq.com`, then the control plane endpoint of the cluster is `36fc5d01be`. Replace `YOUR_CP_ENDPOINT` with your control plane ID in the following manifest. +1. Deploy the data plane with `kubectl apply`: ```yaml -echo ' -kind: GatewayConfiguration +echo 'kind: GatewayConfiguration +apiVersion: gateway-operator.konghq.com/{{ gatewayConfigApiVersion }} +metadata: + name: kong + namespace: default +spec: + controlPlaneOptions: + deployment: + podTemplateSpec: + spec: + containers: + - name: controller + image: kong/kubernetes-ingress-controller:{{ site.data.kong_latest_KIC.version }} + env: + - name: CONTROLLER_KONNECT_ADDRESS + value: https://us.kic.api.konghq.com + - name: CONTROLLER_KONNECT_LICENSING_ENABLED + value: "true" + - name: CONTROLLER_KONNECT_RUNTIME_GROUP_ID + value: YOUR_CP_ID + - name: CONTROLLER_KONNECT_SYNC_ENABLED + value: "true" + - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT + valueFrom: + secretKeyRef: + key: tls.crt + name: konnect-client-tls + - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY + valueFrom: + secretKeyRef: + key: tls.key + name: konnect-client-tls + volumeMounts: + - name: cluster-certificate + mountPath: /var/cluster-certificate + volumes: + - name: cluster-certificate + dataPlaneOptions: + deployment: + podTemplateSpec: + spec: + containers: + - name: proxy + image: kong/kong-gateway:{{ site.data.kong_latest_gateway.ee-version }} + readinessProbe: + initialDelaySeconds: 1 + periodSeconds: 1 + env: + - name: KONG_DATABASE + value: "off" + - name: KONG_CLUSTER_CONTROL_PLANE + value: YOUR_CP_ENDPOINT.us.cp0.konghq.com:443 + - name: KONG_CLUSTER_SERVER_NAME + value: YOUR_CP_ENDPOINT.us.cp0.konghq.com + - name: KONG_CLUSTER_TELEMETRY_ENDPOINT + value: YOUR_CP_ENDPOINT.us.tp0.konghq.com:443 + - 
name: KONG_CLUSTER_TELEMETRY_SERVER_NAME + value: YOUR_CP_ENDPOINT.us.tp0.konghq.com + - name: KONG_CLUSTER_MTLS + value: pki + - name: KONG_CLUSTER_CERT + value: /etc/secrets/konnect-client-tls/tls.crt + - name: KONG_CLUSTER_CERT_KEY + value: /etc/secrets/konnect-client-tls/tls.key + - name: KONG_LUA_SSL_TRUSTED_CERTIFICATE + value: system + - name: KONG_KONNECT_MODE + value: "on" + - name: KONG_VITALS + value: "off" + volumeMounts: + - name: cluster-certificate + mountPath: /var/cluster-certificate + - name: konnect-client-tls + mountPath: /etc/secrets/konnect-client-tls/ + readOnly: true + volumes: + - name: cluster-certificate + - name: konnect-client-tls + secret: + secretName: konnect-client-tls + defaultMode: 420' | kubectl apply -f - +``` +{% endnavtab %} +{% endif_version %} +{% navtab On-Prem %} + +This example shows how to customize the log level of {{ site.kic_product_name }}: + +```yaml +echo 'kind: GatewayConfiguration apiVersion: gateway-operator.konghq.com/{{ gatewayConfigApiVersion }} metadata: name: kong @@ -46,8 +162,23 @@ spec: image: kong/kubernetes-ingress-controller:{{ site.data.kong_latest_KIC.version }} env: - name: CONTROLLER_LOG_LEVEL - value: debug ---- + value: debug' | kubectl apply -f - +``` +{% endnavtab %} +{% endnavtabs %} + +The results should look like this: + +```text +gatewayconfiguration.gateway-operator.konghq.com/kong created +``` + +## GatewayClass + +To use the Gateway API resources to configure your routes, you need to create a `GatewayClass` instance and create a `Gateway` resource that listens on the ports that you need. + +```yaml +echo ' kind: GatewayClass apiVersion: gateway.networking.k8s.io/v1beta1 metadata: 
@@ -70,15 +201,12 @@ spec: listeners: - name: http protocol: HTTP - port: 80 - -' | kubectl apply -f - + port: 80' | kubectl apply -f - ``` The results should look like this: ```text -gatewayconfiguration.gateway-operator.konghq.com/kong created gatewayclass.gateway.networking.k8s.io/kong created gateway.gateway.networking.k8s.io/kong created ``` diff --git a/app/_src/gateway-operator/get-started/kic/install.md b/app/_src/gateway-operator/get-started/kic/install.md index 2fe317e9909b..9599a7672eaf 100644 --- a/app/_src/gateway-operator/get-started/kic/install.md +++ b/app/_src/gateway-operator/get-started/kic/install.md @@ -18,4 +18,8 @@ You can configure your `GatewayClass` and `Gateway` objects in a vendor independ This means that CRDs for both the Gateway API and {{ site.kic_product_name }} have to be installed. +```bash +kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml +``` + {% include md/kgo/prerequisites.md disable_accordian=true version=page.version release=page.release %} From 464fb698fce8db7a8145d4b986c941c179465e29 Mon Sep 17 00:00:00 2001 From: Michael Heap Date: Fri, 4 Oct 2024 13:57:12 +0100 Subject: [PATCH 2/4] Apply suggestions from code review Co-authored-by: Diana <75819066+cloudjumpercat@users.noreply.github.com> --- .../get-started/kic/create-gateway.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/app/_src/gateway-operator/get-started/kic/create-gateway.md b/app/_src/gateway-operator/get-started/kic/create-gateway.md index da23ad2febe8..09eb61beb193 100644 --- a/app/_src/gateway-operator/get-started/kic/create-gateway.md +++ b/app/_src/gateway-operator/get-started/kic/create-gateway.md 
@@ -21,9 +21,9 @@ Creating `GatewayClass` and `Gateway` resources in Kubernetes causes {{ site.kgo ## GatewayConfiguration -You can customize your {{ site.kic_product_name }} and {{ site.base_gateway }} deployments using the `GatewayConfiguration` CRD. This allows you to control the image being used, and set any environment variables required. +You can customize your {{ site.kic_product_name }} and {{ site.base_gateway }} deployments using the `GatewayConfiguration` CRD. This allows you to control the image being used, and set any required environment variables. {%- if_version gte:1.2.x %} - If you are creating a KIC in Konnect deployment, you need to customize the deployment to contain your control plane ID and authentication certificate + If you are creating a KIC in {{site.konnect_short_name}} deployment, you need to customize the deployment to contain your control plane ID and authentication certificate. {%- endif_version %} {% navtabs gc %} 
@@ -32,9 +32,11 @@ You can customize your {{ site.kic_product_name }} and {{ site.base_gateway }} d To get the endpoint and the authentication details of the data plane. 1. [Log in to {{ site.konnect_short_name }}](https://cloud.konghq.com/login). -1. Navigate to {% konnect_icon runtimes %} [**Gateway Manager**](https://cloud.konghq.com/us/gateway-manager) and create a new `Kong Ingress Controller` Control Plane -1. Provide a name for your new Control Plane -1. Click **Generate Script** in the "Connect to KIC" section. +1. Navigate to {% konnect_icon runtimes %} [**Gateway Manager**](https://cloud.konghq.com/us/gateway-manager), click **New Control Plane** and select **Kong Ingress Controller**. +1. Enter a name for your new control plane. +1. Complete the prerequisites in step 1 in the {{site.konnect_short_name}} UI to get a load balanced Kubernetes cluster. +1. Complete the Helm setup in step 2 in the {{site.konnect_short_name}} UI. +1. In the Connect to KIC section, click **Generate Script**. 1. Click **Generate Certificate** in step 3. 1. Save the contents of **Cluster Certificate** in a file named `tls.crt`. Save the contents of **Cluster Key** in a file named `tls.key`. 1. Create a Kubernetes secret containing the cluster certificate: @@ -134,7 +136,7 @@ spec: {% endif_version %} {% navtab On-Prem %} -This example shows how to customize the log level of {{ site.kic_product_name }}: +Use the following example to customize the log level of {{ site.kic_product_name }}: ```yaml echo 'kind: GatewayConfiguration From 1255c76fe8e691637b929471d75c3a7dba8f6bfc Mon Sep 17 00:00:00 2001 From: Michael Heap Date: Fri, 4 Oct 2024 14:20:37 +0100 Subject: [PATCH 3/4] Update KIC in Konnect with KGO docs --- .../get-started/kic/create-gateway.md | 17 +++-------------- .../get-started/kic/create-route.md | 11 ++++++++++- 2 files changed, 13 insertions(+), 15 deletions(-) 
diff --git a/app/_src/gateway-operator/get-started/kic/create-gateway.md b/app/_src/gateway-operator/get-started/kic/create-gateway.md index 09eb61beb193..56144db247a3 100644 --- a/app/_src/gateway-operator/get-started/kic/create-gateway.md +++ b/app/_src/gateway-operator/get-started/kic/create-gateway.md 
@@ -33,16 +33,14 @@ You can customize your {{ site.kic_product_name }} and {{ site.base_gateway }} d To get the endpoint and the authentication details of the data plane. 1. [Log in to {{ site.konnect_short_name }}](https://cloud.konghq.com/login). 1. Navigate to {% konnect_icon runtimes %} [**Gateway Manager**](https://cloud.konghq.com/us/gateway-manager), click **New Control Plane** and select **Kong Ingress Controller**. -1. Enter a name for your new control plane. -1. Complete the prerequisites in step 1 in the {{site.konnect_short_name}} UI to get a load balanced Kubernetes cluster. -1. Complete the Helm setup in step 2 in the {{site.konnect_short_name}} UI. -1. In the Connect to KIC section, click **Generate Script**. +1. Enter a name for your new control plane +1. In the _Connect to KIC_ section, click **Generate Script**. 1. Click **Generate Certificate** in step 3. 1. Save the contents of **Cluster Certificate** in a file named `tls.crt`. Save the contents of **Cluster Key** in a file named `tls.key`. 1. Create a Kubernetes secret containing the cluster certificate: ```bash - kubectl create secret tls konnect-client-tls --cert=/{PATH_TO_FILE}/tls.crt --key=/{PATH_TO_FILE}/tls.key + kubectl create secret tls konnect-client-tls --cert=./tls.crt --key=./tls.key ``` 1. In the **Configuration parameters** step 4, find the value of `runtimeGroupID`. Replace `YOUR_CP_ID` with the control plane ID in the following manifest. 1. In the **Configuration parameters** step 4, find the value of `cluster_telemetry_endpoint`. The first segment of that value is the control plane endpoint for your cluster. For example, if the value of `cluster_telemetry_endpoint` is `36fc5d01be.us.cp0.konghq.com`, then the control plane endpoint of the cluster is `36fc5d01be`. Replace `YOUR_CP_ENDPOINT` with your control plane ID in the following manifest. 
@@ -212,12 +210,3 @@ The results should look like this: gatewayclass.gateway.networking.k8s.io/kong created gateway.gateway.networking.k8s.io/kong created ``` - -Run `kubectl get gateway kong -n default` to get the IP address for the gateway and set that as the value for the variable `PROXY_IP`. - -```bash -export PROXY_IP=$(kubectl get gateway kong -n default -o jsonpath='{.status.addresses[0].value}') -``` - -{:.note} -> Note: if your cluster can not provision LoadBalancer type Services then the IP you receive may only be routable from within the cluster. diff --git a/app/_src/gateway-operator/get-started/kic/create-route.md b/app/_src/gateway-operator/get-started/kic/create-route.md index f3774ccbb519..9cdf4036d2f8 100644 --- a/app/_src/gateway-operator/get-started/kic/create-route.md +++ b/app/_src/gateway-operator/get-started/kic/create-route.md @@ -54,7 +54,16 @@ After you've installed all of the required components and configured a `GatewayC ## Test the configuration -1. To test the configuration, make a call to the `$PROXY_IP` that you configured. +1. Run `kubectl get gateway kong -n default` to get the IP address for the gateway and set that as the value for the variable `PROXY_IP`. + + ```bash + export PROXY_IP=$(kubectl get gateway kong -n default -o jsonpath='{.status.addresses[0].value}') + ``` + + {:.note} + > Note: if your cluster can not provision LoadBalancer type Services then the IP you receive may only be routable from within the cluster. + +1. Make a call to the `$PROXY_IP` that you configured. ```bash curl $PROXY_IP/echo From b992c9f2f44d4b97d5212926988b4576e78ffdcf Mon Sep 17 00:00:00 2001 From: Michael Heap Date: Fri, 4 Oct 2024 15:27:13 +0100 Subject: [PATCH 4/4] Fix Vale --- app/_src/gateway-operator/get-started/kic/create-gateway.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/app/_src/gateway-operator/get-started/kic/create-gateway.md b/app/_src/gateway-operator/get-started/kic/create-gateway.md index 56144db247a3..d2f5a507c67e 100644 --- a/app/_src/gateway-operator/get-started/kic/create-gateway.md +++ b/app/_src/gateway-operator/get-started/kic/create-gateway.md @@ -32,7 +32,7 @@ You can customize your {{ site.kic_product_name }} and {{ site.base_gateway }} d To get the endpoint and the authentication details of the data plane. 1. [Log in to {{ site.konnect_short_name }}](https://cloud.konghq.com/login). -1. Navigate to {% konnect_icon runtimes %} [**Gateway Manager**](https://cloud.konghq.com/us/gateway-manager), click **New Control Plane** and select **Kong Ingress Controller**. +1. Navigate to {% konnect_icon runtimes %} [**Gateway Manager**](https://cloud.konghq.com/us/gateway-manager), click **New Control Plane** and select **{{ site.kic_product_name }}**. 1. Enter a name for your new control plane 1. In the _Connect to KIC_ section, click **Generate Script**. 1. Click **Generate Certificate** in step 3.
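
Review bot: The last Konnect step before the manifest in create-gateway.md ([PATCH 1/4], hunk `@@ -17,11 +17,127 @@`) says "Replace `YOUR_CP_ENDPOINT` with your control plane ID", but the sentence before it defines that value as the control plane endpoint (the first segment of `cluster_telemetry_endpoint`), and the control plane ID is already used for `YOUR_CP_ID` in the previous step. Change the wording to "control plane endpoint". The example value `36fc5d01be.us.cp0.konghq.com` also uses the `cp0` host, while the manifest sets the telemetry variables to `YOUR_CP_ENDPOINT.us.tp0.konghq.com`, so check which parameter the example is meant to show. Two further points on the manifest in the same hunk: the region is fixed to `us` in `CONTROLLER_KONNECT_ADDRESS` and in every `KONG_CLUSTER_*` host without a sentence telling readers in other regions to change it, and the controller container receives the client private key through the `CONTROLLER_KONNECT_TLS_CLIENT_KEY` environment variable while the proxy reads the same secret from a read-only mount at `/etc/secrets/konnect-client-tls/`. If the controller can read the key from a file, mount it the same way; if not, say so in the text.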
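
Review bot: The `kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml` block added to install.md ([PATCH 1/4], hunk `@@ -18,4 +18,8 @@`) has no lead-in sentence, and the line above it says CRDs for both the Gateway API and {{ site.kic_product_name }} have to be installed. This command covers the Gateway API CRDs only, so add a sentence saying that and stating where the {{ site.kic_product_name }} CRDs come from (presumably the prerequisites include that follows). It is also worth confirming that the v1.0.0 release is the intended pin, since the `GatewayClass` in create-gateway.md is written against `gateway.networking.k8s.io/v1beta1`.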
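
Review bot: The line that introduces the numbered steps in create-gateway.md ([PATCH 2/4], hunk `@@ -32,9 +32,11 @@`), "To get the endpoint and the authentication details of the data plane.", is a sentence fragment ending in a period. Since this patch is already polishing the steps, end it with a colon or complete it, for example "To get the endpoint and the authentication details of the data plane:". The added steps also write `{{site.konnect_short_name}}` without inner spaces, while the first step in the same list uses `{{ site.konnect_short_name }}`; pick one form.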
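
Review bot: After the `kubectl create secret tls konnect-client-tls --cert=./tls.crt --key=./tls.key` step in create-gateway.md ([PATCH 3/4], hunk `@@ -33,16 +33,14 @@`), the cluster private key is still sitting in `./tls.key` in whatever directory the reader ran the command from, and the relative path makes that more likely to be a working or repository directory. Add a sentence telling the reader to delete the local `tls.key` or store it somewhere protected once the secret exists. Separately, "Enter a name for your new control plane" lost the trailing period that the previous patch added, so it no longer matches the other steps.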
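
Review bot: The `export PROXY_IP=$(kubectl get gateway kong -n default -o jsonpath='{.status.addresses[0].value}')` step moved into create-route.md ([PATCH 3/4], hunk `@@ -54,7 +54,16 @@`) does not tell the reader to check that an address was returned, so if the Gateway has no address in its status yet, `PROXY_IP` is empty and the next step's `curl $PROXY_IP/echo` fails with an unrelated-looking error. Add a line such as "Run `echo $PROXY_IP` and confirm it prints an address before continuing", and quote the variable in the curl call. The step text also says to run `kubectl get gateway kong -n default`, while the command shown is the `export` with a jsonpath query; align the sentence with the command. Minor: "can not" should be "cannot" in the note.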
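
Review bot: In the Gateway Manager step of create-gateway.md ([PATCH 4/4], hunk `@@ -32,7 +32,7 @@`), the bold text after "select" names an option the reader has to find in the Konnect UI, and it now renders whatever `{{ site.kic_product_name }}` expands to rather than the literal "Kong Ingress Controller" used in the earlier patches. Confirm the variable renders exactly the label shown in the UI; if it does not, keep the literal label and add a Vale exception for this line.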