Add KIC in Konnect with KGO example #7488

157 changes: 138 additions & 19 deletions app/_src/gateway-operator/get-started/kic/create-gateway.md
@@ -1,5 +1,5 @@
---
title: Create a GatewayClass
title: Create a Gateway
content-type: tutorial
book: kgo-kic-get-started
chapter: 2
Expand All @@ -17,11 +17,127 @@ chapter: 2
> in order to get your `Gateway` up and running.
{% endif_version %}

To use the Gateway API resources to configure your routes, you need to create a `GatewayClass` instance and create a `Gateway` resource that listens on the ports that you need.
Creating `GatewayClass` and `Gateway` resources in Kubernetes causes {{ site.kgo_product_name }} to create a {{ site.kic_product_name }} and {{ site.base_gateway }} deployment.

## GatewayConfiguration

You can customize your {{ site.kic_product_name }} and {{ site.base_gateway }} deployments using the `GatewayConfiguration` CRD. This allows you to control the image being used, and set any required environment variables.
{%- if_version gte:1.2.x %}
If you are creating a KIC in {{site.konnect_short_name}} deployment, you need to customize the deployment to contain your control plane ID and authentication certificate.
{%- endif_version %}

{% navtabs gc %}
{% if_version gte:1.2.x %}
{% navtab Konnect %}

To get the endpoint and the authentication details of the data plane.
1. [Log in to {{ site.konnect_short_name }}](https://cloud.konghq.com/login).
1. Navigate to {% konnect_icon runtimes %} [**Gateway Manager**](https://cloud.konghq.com/us/gateway-manager), click **New Control Plane** and select **{{ site.kic_product_name }}**.
1. Enter a name for your new control plane
1. In the _Connect to KIC_ section, click **Generate Script**.
1. Click **Generate Certificate** in step 3.
1. Save the contents of **Cluster Certificate** in a file named `tls.crt`. Save the contents of **Cluster Key** in a file named `tls.key`.
1. Create a Kubernetes secret containing the cluster certificate:

```bash
kubectl create secret tls konnect-client-tls --cert=./tls.crt --key=./tls.key
```
1. In the **Configuration parameters** step 4, find the value of `runtimeGroupID`. Replace `YOUR_CP_ID` with the control plane ID in the following manifest.
1. In the **Configuration parameters** step 4, find the value of `cluster_telemetry_endpoint`. The first segment of that value is the control plane endpoint for your cluster. For example, if the value of `cluster_telemetry_endpoint` is `36fc5d01be.us.cp0.konghq.com`, then the control plane endpoint of the cluster is `36fc5d01be`. Replace `YOUR_CP_ENDPOINT` with your control plane ID in the following manifest.
1. Deploy the data plane with `kubectl apply`:

Contributor:

So in Konnect, do I still need to follow the step 4 instructions to copy it into a `values.yaml` and run `helm install kong kong/ingress -n kong --values ./values.yaml`? If I exit out of those instructions, it still doesn't show that it's hooked up in Konnect even though I got a `gatewayconfiguration.gateway-operator.konghq.com/kong created` response.

Member Author:

No, the Operator replaces `helm install`.

```yaml
echo '
kind: GatewayConfiguration
echo 'kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/{{ gatewayConfigApiVersion }}
metadata:
name: kong
namespace: default
spec:
controlPlaneOptions:
deployment:
podTemplateSpec:
spec:
containers:
- name: controller
image: kong/kubernetes-ingress-controller:{{ site.data.kong_latest_KIC.version }}
env:
- name: CONTROLLER_KONNECT_ADDRESS
value: https://us.kic.api.konghq.com
- name: CONTROLLER_KONNECT_LICENSING_ENABLED
value: "true"
- name: CONTROLLER_KONNECT_RUNTIME_GROUP_ID
value: YOUR_CP_ID
- name: CONTROLLER_KONNECT_SYNC_ENABLED
value: "true"
- name: CONTROLLER_KONNECT_TLS_CLIENT_CERT
valueFrom:
secretKeyRef:
key: tls.crt
name: konnect-client-tls
- name: CONTROLLER_KONNECT_TLS_CLIENT_KEY
valueFrom:
secretKeyRef:
key: tls.key
name: konnect-client-tls
volumeMounts:
- name: cluster-certificate
mountPath: /var/cluster-certificate
volumes:
- name: cluster-certificate
dataPlaneOptions:
deployment:
podTemplateSpec:
spec:
containers:
- name: proxy
image: kong/kong-gateway:{{ site.data.kong_latest_gateway.ee-version }}
readinessProbe:
initialDelaySeconds: 1
periodSeconds: 1
env:
- name: KONG_DATABASE
value: "off"
- name: KONG_CLUSTER_CONTROL_PLANE
value: YOUR_CP_ENDPOINT.us.cp0.konghq.com:443
- name: KONG_CLUSTER_SERVER_NAME
value: YOUR_CP_ENDPOINT.us.cp0.konghq.com
- name: KONG_CLUSTER_TELEMETRY_ENDPOINT
value: YOUR_CP_ENDPOINT.us.tp0.konghq.com:443
- name: KONG_CLUSTER_TELEMETRY_SERVER_NAME
value: YOUR_CP_ENDPOINT.us.tp0.konghq.com
- name: KONG_CLUSTER_MTLS
value: pki
- name: KONG_CLUSTER_CERT
value: /etc/secrets/konnect-client-tls/tls.crt
- name: KONG_CLUSTER_CERT_KEY
value: /etc/secrets/konnect-client-tls/tls.key
- name: KONG_LUA_SSL_TRUSTED_CERTIFICATE
value: system
- name: KONG_KONNECT_MODE
value: "on"
- name: KONG_VITALS
value: "off"
volumeMounts:
- name: cluster-certificate
mountPath: /var/cluster-certificate
- name: konnect-client-tls
mountPath: /etc/secrets/konnect-client-tls/
readOnly: true
volumes:
- name: cluster-certificate
- name: konnect-client-tls
secret:
secretName: konnect-client-tls
defaultMode: 420' | kubectl apply -f -
```
{% endnavtab %}
{% endif_version %}
{% navtab On-Prem %}

Use the following example to customize the log level of {{ site.kic_product_name }}:

```yaml
echo 'kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/{{ gatewayConfigApiVersion }}
metadata:
name: kong
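Review bot: the `cluster_telemetry_endpoint` step says to replace `YOUR_CP_ENDPOINT` "with your control plane ID", but the sentence before it derives the control plane endpoint (`36fc5d01be` in the example) and `YOUR_CP_ID` is already the placeholder for the ID in the previous step, so this should read "with your control plane endpoint". Also in this hunk: the intro line "To get the endpoint and the authentication details of the data plane." is a fragment and needs a verb or a trailing colon. The controller container receives the client private key through the `CONTROLLER_KONNECT_TLS_CLIENT_KEY` environment variable, while the proxy container reads the same `konnect-client-tls` secret from a read-only mount; a key held in the process environment is inherited by child processes, so either say why the two containers differ or, if the controller supports it, read the key from the mounted file in both. The `cluster-certificate` volume is declared without a source and nothing in the manifest references `/var/cluster-certificate`, so it looks like it can be dropped. Every hostname hard-codes the `us` region, which deserves a sentence for readers whose control plane is in another region.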
Expand All @@ -46,8 +162,23 @@ spec:
image: kong/kubernetes-ingress-controller:{{ site.data.kong_latest_KIC.version }}
env:
- name: CONTROLLER_LOG_LEVEL
value: debug
---
value: debug' | kubectl apply -f -
```
{% endnavtab %}
{% endnavtabs %}

The results should look like this:

```text
gatewayconfiguration.gateway-operator.konghq.com/kong created
```

## GatewayClass

To use the Gateway API resources to configure your routes, you need to create a `GatewayClass` instance and create a `Gateway` resource that listens on the ports that you need.

```yaml
echo '
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
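Review bot: the `GatewayClass` block still opens with `echo '` on a line of its own, while both `GatewayConfiguration` blocks in this change were switched to `echo 'kind: GatewayConfiguration`, so the page now mixes the two forms; apply the same change here. The fences around these commands are tagged `yaml` although each one is a shell command piped to `kubectl apply -f -`; tagging them `bash` would match the other command blocks in this PR.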
Expand All @@ -70,24 +201,12 @@ spec:
listeners:
- name: http
protocol: HTTP
port: 80

' | kubectl apply -f -
port: 80' | kubectl apply -f -
```

The results should look like this:

```text
gatewayconfiguration.gateway-operator.konghq.com/kong created
gatewayclass.gateway.networking.k8s.io/kong created
gateway.gateway.networking.k8s.io/kong created
```

Run `kubectl get gateway kong -n default` to get the IP address for the gateway and set that as the value for the variable `PROXY_IP`.

```bash
export PROXY_IP=$(kubectl get gateway kong -n default -o jsonpath='{.status.addresses[0].value}')
```

{:.note}
> Note: if your cluster can not provision LoadBalancer type Services then the IP you receive may only be routable from within the cluster.
11 changes: 10 additions & 1 deletion app/_src/gateway-operator/get-started/kic/create-route.md
Expand Up @@ -54,7 +54,16 @@ After you've installed all of the required components and configured a `GatewayC

## Test the configuration

1. To test the configuration, make a call to the `$PROXY_IP` that you configured.
1. Run `kubectl get gateway kong -n default` to get the IP address for the gateway and set that as the value for the variable `PROXY_IP`.

```bash
export PROXY_IP=$(kubectl get gateway kong -n default -o jsonpath='{.status.addresses[0].value}')
```

{:.note}
> Note: if your cluster can not provision LoadBalancer type Services then the IP you receive may only be routable from within the cluster.

1. Make a call to the `$PROXY_IP` that you configured.

```bash
curl $PROXY_IP/echo
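Review bot: in the new first step, `export PROXY_IP=$(kubectl get gateway kong ...)` produces an empty value when `.status.addresses` has not been populated yet, and the `curl $PROXY_IP/echo` in the next step then fails without an obvious cause. Suggest a sentence telling the reader to confirm that `echo $PROXY_IP` prints an address, or to re-run the command once the Gateway has one, before moving on, and quoting the variable in the curl call. The step text also says to run `kubectl get gateway kong -n default` and then set the variable, but the code block does both in one command; wording it as "Get the IP address for the gateway and store it in `PROXY_IP`" would match the block.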
4 changes: 4 additions & 0 deletions app/_src/gateway-operator/get-started/kic/install.md
Expand Up @@ -18,4 +18,8 @@ You can configure your `GatewayClass` and `Gateway` objects in a vendor independ

This means that CRDs for both the Gateway API and {{ site.kic_product_name }} have to be installed.

```bash
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
```

{% include md/kgo/prerequisites.md disable_accordian=true version=page.version release=page.release %}
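Review bot: the added `kubectl apply` block has no lead-in sentence, and the line above it says CRDs for both the Gateway API and {{ site.kic_product_name }} have to be installed while the command only applies the Gateway API `standard-install.yaml`. Suggest a sentence such as "Install the Gateway API CRDs:" before the block and a pointer to where the {{ site.kic_product_name }} CRDs come from. The `v1.0.0` release is hard-coded in the URL; if the docs already carry a variable for the Gateway API version, use it here so the command does not drift from the `apiVersion` used in create-gateway.md.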