Install Kong Operator

Kong Operator will automatically install the Cluster Resource Definitions as part of the Helm deployment. If you are upgrading the CRDs as part of an existing Kong Operator installation, you should deploy them manually:

kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml --server-side

Kong Operator 2.1 enables Combine HTTP routes by default. This will automatically reduce the number of Services with the same backendRef. During an upgrade from Kong Operator 2.0 to 2.1, this will mean a couple of seconds of downtime for your Services as they are automatically merged. To disable this, set thespec.controlPlaneOptions.translation.combinedServicesFromDifferentHTTPRoutes parameter to disabled in your GatewayConfiguration.

1. Add the Kong Helm charts:

   helm repo add kong https://charts.konghq.com
   helm repo update
   

   Copied!

2. Install Kong Operator using Helm:

   helm upgrade --install kong-operator kong/kong-operator -n kong-system \
     --create-namespace \
     --set image.tag=2.1.0 \
     --set env.ENABLE_CONTROLLER_KONNECT=true
   

   Copied!

   helm upgrade --install kong-operator kong/kong-operator -n kong-system \
     --create-namespace \
     --set image.tag=2.1.0
   

   Copied!

   If you want cert-manager to issue and rotate the admission and conversion webhook certificates, install cert-manager to your cluster and enable cert-manager integration by passing the following argument while installing, in the next step:

   --set global.webhooks.options.certManager.enabled=true
   

   Copied!

   If you do not enable this, the chart will generate and inject self-signed certificates automatically. We recommend enabling cert-manager to manage the lifecycle of these certificates.

   Kong Operator needs a certificate authority to sign the certificate for mTLS communication between the control plane and the data plane. This is handled automatically by the Helm chart. If you need to provide a custom CA certificate, refer to the certificateAuthority section in the values.yaml of the Helm chart to learn how to create and reference your own CA certificate.

This tutorial doesn’t require a license, but you can add one using KongLicense. This assumes that your license is available in ./license.json.

echo "
apiVersion: configuration.konghq.com/v1alpha1
kind: KongLicense
metadata:
 name: kong-license
rawLicenseString: '$(cat ./license.json)'
" | kubectl apply -f -

Wait for Kong Operator to be ready

kubectl -n kong-system wait --for=condition=Available=true --timeout=120s deployment/kong-operator-kong-operator-controller-manager

Once the kong-operator-kong-operator-controller-manager deployment is ready, you can deploy a Gateway and a GatewayClass that references the GatewayConfiguration holding the Konnect parameters.