Create a KonnectEventGateway, backend cluster, virtual cluster, listener, KegDataPlane, listener policy, and consume and produce policies.
This page is part of the Deploy Kong Event Gateway on Kubernetes series.
Complete the previous page, Install Kong Operator for Kong Event Gateway before completing this page.
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
Set the personal access token as an environment variable:
export KONNECT_TOKEN='YOUR KONNECT TOKEN'kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
name: konnect-api-auth
namespace: kong
spec:
type: token
token: "'$KONNECT_TOKEN'"
serverURL: us.api.konghq.com
' | kubectl apply -f -This deployment pattern is the simplest way to validate Kong Event Gateway.
It exposes a LoadBalancer Service and uses portMapping so that Kafka clients connect through one bootstrap port and one port per broker. For production environments, we recommend using Kong Gateway with Kong Operator to set up a TLSRoute and an SNI wildcard.
KonnectEventGateway
The KonnectEventGateway resource creates the Event Gateway control plane in Konnect and gives the rest of the resources in this guide a parent to attach to.
Create the KonnectEventGateway resource:
echo '
apiVersion: konnect.konghq.com/v1alpha1
kind: KonnectEventGateway
metadata:
name: cp-event-1
namespace: kong
spec:
apiSpec:
name: cp-event-1
description: Event Gateway control plane managed by Kubernetes
konnect:
authRef:
name: konnect-api-auth
' | kubectl apply -f -Wait for the resource to be ready:
kubectl wait konnecteventgateway/cp-event-1 -n kong \
--for=condition=Programmed=True \
--timeout=10mThe EventGatewayBackendCluster resource tells Kong Event Gateway which upstream Kafka cluster to connect to. In this example, it points at the Bitnami Kafka bootstrap Service in the kafka namespace. For more information, see the backend cluster docs.
Create the EventGatewayBackendCluster resource:
echo '
apiVersion: configuration.konghq.com/v1alpha1
kind: EventGatewayBackendCluster
metadata:
name: default-backend-cluster
namespace: kong
spec:
gatewayRef:
type: namespacedRef
namespacedRef:
name: cp-event-1
apiSpec:
name: default_backend_cluster
bootstrapServers:
- kafka-cluster.kafka.svc.cluster.local:9092
authentication:
type: anonymous
anonymous: {}
insecureAllowAnonymousVirtualClusterAuth: Enabled
tls:
enabled: Disabled
' | kubectl apply -f -Wait for the resource to be ready:
kubectl wait eventgatewaybackendcluster/default-backend-cluster -n kong \
--for=condition=Programmed=True \
--timeout=10mThe EventGatewayVirtualCluster resource is the Kafka-facing cluster your clients connect to, while the EventGatewayListener resource opens the network ports that accept those client connections. For more information, see the virtual cluster docs and listener docs.
Create the EventGatewayVirtualCluster and EventGatewayListener resources:
echo '
apiVersion: configuration.konghq.com/v1alpha1
kind: EventGatewayVirtualCluster
metadata:
name: example-virtual-cluster
namespace: kong
spec:
eventGatewayBackendClusterRef:
type: namespacedRef
namespacedRef:
name: default-backend-cluster
apiSpec:
name: example_virtual_cluster
dnsLabel: vcluster-1
aclMode: passthrough
authentication:
- type: anonymous
namespace:
prefix: "vc1_"
mode: hide_prefix
---
apiVersion: configuration.konghq.com/v1alpha1
kind: EventGatewayListener
metadata:
name: example-listener
namespace: kong
spec:
apiSpec:
name: example_listener
addresses:
- 0.0.0.0
ports:
- "9092-9095"
gatewayRef:
type: namespacedRef
namespacedRef:
name: cp-event-1
' | kubectl apply -f -Wait for the resources to be ready:
kubectl wait eventgatewayvirtualcluster/example-virtual-cluster -n kong \
--for=condition=Programmed=True \
--timeout=10m
kubectl wait eventgatewaylistener/example-listener -n kong \
--for=condition=Programmed=True \
--timeout=10mKegDataPlane
The KegDataPlane resource runs Kong Event Gateway inside Kubernetes. In the port-mapping pattern, it exposes a LoadBalancer Service with one bootstrap port and one port per broker.
Deploy the KegDataPlane:
echo '
apiVersion: eventgateway.konghq.com/v1alpha1
kind: KegDataPlane
metadata:
name: my-event-gateway-dp
namespace: kong
spec:
controlPlaneRef:
type: konnectNamespacedRef
konnectNamespacedRef:
name: cp-event-1
network:
services:
kafka:
type: LoadBalancer
ports:
- name: kafka
port: 9092
targetPort: 9092
- name: broker-1
port: 9093
targetPort: 9093
- name: broker-2
port: 9094
targetPort: 9094
- name: broker-3
port: 9095
targetPort: 9095
' | kubectl apply -f -LoadBalancer addressThe listener policy needs an explicit advertisedHost. Export the LoadBalancer IP from the Kafka Service:
export KAFKA_LB_HOST=$(kubectl get service my-event-gateway-dp-kafka -n kong \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo $KAFKA_LB_HOSTThe EventGatewayListenerPolicy connects the listener to the virtual cluster. In this mode, portMapping maps one external bootstrap port and one external port per broker. For more information, see the Event Gateway policy docs.
Create the EventGatewayListenerPolicy resource:
echo '
apiVersion: configuration.konghq.com/v1alpha1
kind: EventGatewayListenerPolicy
metadata:
name: example-listener-policy
namespace: kong
spec:
apiSpec:
type: forwardToVirtualCluster
forwardToVirtualCluster:
name: forward
config:
type: portMapping
portMapping:
advertisedHost: '"$KAFKA_LB_HOST"'
bootstrapPort: at_start
destination:
name: example_virtual_cluster
eventGatewayListenerRef:
type: namespacedRef
namespacedRef:
name: example-listener
' | kubectl apply -f -Wait for the resource to be ready:
kubectl wait eventgatewaylistenerpolicy/example-listener-policy -n kong \
--for=condition=Programmed=True \
--timeout=10mThese optional virtual-cluster policies let you shape consume and produce traffic independently. This example adds a header on each path so you can verify the policies are attached. For more information, see the Event Gateway policy docs.
Create the EventGatewayVirtualClusterConsumePolicy and EventGatewayVirtualClusterProducePolicy resources:
echo '
apiVersion: configuration.konghq.com/v1alpha1
kind: EventGatewayVirtualClusterConsumePolicy
metadata:
name: example-virtual-cluster-consume-policy
namespace: kong
spec:
eventGatewayVirtualClusterRef:
type: namespacedRef
namespacedRef:
name: example-virtual-cluster
apiSpec:
type: modifyHeaders
modifyHeaders:
name: example_consume_policy
description: Add a marker header to consumed records
config:
actions:
- op: set
set:
key: x-kong-consume-policy
value: example
---
apiVersion: configuration.konghq.com/v1alpha1
kind: EventGatewayVirtualClusterProducePolicy
metadata:
name: example-virtual-cluster-produce-policy
namespace: kong
spec:
eventGatewayVirtualClusterRef:
type: namespacedRef
namespacedRef:
name: example-virtual-cluster
apiSpec:
type: modifyHeaders
modifyHeaders:
name: example_produce_policy
description: Add a marker header to produced records
config:
actions:
- op: set
set:
key: x-kong-produce-policy
value: example
' | kubectl apply -f -Wait for the resources to be ready:
kubectl wait eventgatewayvirtualclusterconsumepolicy/example-virtual-cluster-consume-policy -n kong \
--for=condition=Programmed=True \
--timeout=10m
kubectl wait eventgatewayvirtualclusterproducepolicy/example-virtual-cluster-produce-policy -n kong \
--for=condition=Programmed=True \
--timeout=10mRun kcat in the cluster and request broker metadata:
kubectl run kcat-portmap --rm -i --restart=Never --image=edenhill/kcat:1.7.1 -n kong \
--command -- kcat -b ${KAFKA_LB_HOST}:9092 -LYou should see one bootstrap endpoint on port 9092 and one port per broker on 9093, 9094, and 9095, for example:
Metadata for all topics (from broker -1: 127.0.0.0:9092/bootstrap):
3 brokers:
broker 0 at 127.0.0.0:9093
broker 1 at 127.0.0.0:9094
broker 2 at 127.0.0.0:9095 (controller)
0 topics:
pod "kcat-portmap" deleted from kong namespace