Create a Cloud Gateway Network
Use the KonnectCloudGatewayNetwork resource to provision a network and monitor provisioning status in Konnect.
Prerequisites
Kong Konnect
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
- The following Konnect items are required to complete this tutorial:
    - Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
- Set the personal access token as an environment variable:
    export KONNECT_TOKEN='YOUR KONNECT TOKEN'
Kong Gateway Operator running
- Add the Kong Helm charts:
    helm repo add kong https://charts.konghq.com
    helm repo update
- Install Kong Gateway Operator using Helm:
    helm upgrade --install kong-operator kong/kong-operator -n kong-system \
      --create-namespace \
      --set image.tag=2.0.5 \
      --set env.ENABLE_CONTROLLER_KONNECT=true
If you want cert-manager to issue and rotate the admission and conversion webhook certificates, install cert-manager to your cluster and enable cert-manager integration by passing the following argument while installing:
--set global.webhooks.options.certManager.enabled=true
If you do not enable this, the chart will generate and inject self-signed certificates automatically. We recommend enabling cert-manager to manage the lifecycle of these certificates.
Create a KonnectAPIAuthConfiguration resource
kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: konnect-api-auth
  namespace: kong
spec:
  type: token
  token: "'$KONNECT_TOKEN'"
  serverURL: us.api.konghq.com
' | kubectl apply -f -
Create a KonnectGatewayControlPlane resource
echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha2
metadata:
  name: gateway-control-plane
  namespace: kong
spec:
  createControlPlaneRequest:
    name: gateway-control-plane
  konnect:
    authRef:
      name: konnect-api-auth
' | kubectl apply -f -
Provider Account ID
To manage Cloud Gateway Networks, you need a Cloud Gateway Provider Account associated with your Konnect account. You can obtain the ID of your provider account using the Cloud Gateways API.
curl -s -H 'Content-Type: application/json' -H "Authorization: Bearer $KONNECT_TOKEN" -XGET https://global.api.konghq.com/v2/cloud-gateways/provider-accounts | jq
Export the value of the id field to your environment:
export CLOUD_GATEWAY_PROVIDER_ID='YOUR PROVIDER ID'
Create a KonnectCloudGatewayNetwork
            
Use the KonnectCloudGatewayNetwork resource to provision a Dedicated Cloud Gateway Network in your selected region and availability zones.
echo '
kind: KonnectCloudGatewayNetwork
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: konnect-network-1
  namespace: kong
spec:
  name: network1
  cloud_gateway_provider_account_id: "'$CLOUD_GATEWAY_PROVIDER_ID'"
  availability_zones:
  - euw1-az1
  - euw1-az2
  - euw1-az3
  cidr_block: 192.168.0.0/16
  region: eu-west-1
  konnect:
    authRef:
      name: konnect-api-auth
' | kubectl apply -f -
Validation
You can verify that the KonnectCloudGatewayNetwork was reconciled successfully by checking that its Programmed condition is True on the konnect-network-1 resource:
kubectl get -n kong konnectcloudgatewaynetwork konnect-network-1 \
  -o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq
The output should look similar to this:
{
  "observedGeneration": 1,
  "reason": "Programmed",
  "status": "True",
  "type": "Programmed"
}
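The check above only reads the condition's status. The following added example (not part of the original page or of Kong's tooling) also compares the condition's observedGeneration with the resource's metadata.generation, so a Programmed=True left over from before a spec edit is not mistaken for success. The script name, the sample objects, and the "FailedToCreate" reason are assumptions made for illustration.

```python
import json
import sys


def programmed_verdict(resource):
    """Return (ok, detail) for a resource's Programmed condition.

    ok is True only when the condition exists, has status "True", and was
    computed for the current spec (observedGeneration == metadata.generation).
    """
    generation = resource.get("metadata", {}).get("generation")
    conditions = resource.get("status", {}).get("conditions", [])
    cond = next((c for c in conditions if c.get("type") == "Programmed"), None)
    if cond is None:
        return False, "no Programmed condition yet"
    if cond.get("status") != "True":
        return False, "Programmed=%s (%s)" % (cond.get("status"), cond.get("reason"))
    observed = cond.get("observedGeneration")
    if generation is not None and observed != generation:
        return False, "stale: observedGeneration=%s, generation=%s" % (observed, generation)
    return True, "Programmed"


def _sample(generation, conditions):
    return {"metadata": {"generation": generation}, "status": {"conditions": conditions}}


# Constructed samples. Only the first mirrors the output shown on this page;
# the "FailedToCreate" reason is a placeholder, not real operator output.
SAMPLES = {
    "ready": _sample(1, [{"observedGeneration": 1, "reason": "Programmed",
                          "status": "True", "type": "Programmed"}]),
    "edited": _sample(2, [{"observedGeneration": 1, "reason": "Programmed",
                           "status": "True", "type": "Programmed"}]),
    "failed": _sample(1, [{"observedGeneration": 1, "reason": "FailedToCreate",
                           "status": "False", "type": "Programmed"}]),
    "new": _sample(1, []),
}

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "-":
        # Real use: kubectl get ... -o json | python3 check_programmed.py -
        ok, detail = programmed_verdict(json.load(sys.stdin))
        print(detail)
        sys.exit(0 if ok else 1)
    for name, obj in SAMPLES.items():
        print(name, programmed_verdict(obj))
```

Run with `-` as the only argument, the script reads the full object from `kubectl get -n kong konnectcloudgatewaynetwork konnect-network-1 -o json` on standard input and exits non-zero unless the network is programmed for its current spec.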