Home / Kong Gateway Operator / Konnect / Konnect CRDs: Gateway
Edit
Report

Enable a plugin on a Route

Uses: Kong Gateway Operator
Related Documentation
All Operator Documentation
Incompatible with
on-prem
Tags
#konnect-crd
Related Resources
Understanding KongPluginBinding
KongPlugin reference
Plugins
TL;DR

You can associate plugins with an entity, like a Consumer or Gateway Service, in Konnect. To do this with KGO, you must create a KongPlugin and use KongPluginBinding to associate it with another entity.

Prerequisites

Kong Konnect

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.

  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'

Kong Gateway Operator running

  1. Add the Kong Helm charts:

    helm repo add kong https://charts.konghq.com
helm repo update

  2. Create a kong namespace:

    kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -

  3. Install Kong Ingress Controller using Helm:

    helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace  \
  --set image.tag=1.5 \
  --set kubernetes-configuration-crds.enabled=true \
  --set env.ENABLE_CONTROLLER_KONNECT=true

Kong Gateway Operator running

  1. Add the Kong Helm charts:

    helm repo add kong https://charts.konghq.com
helm repo update

  2. Create a kong namespace:

    kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -

  3. Install Kong Ingress Controller using Helm:

    helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace  \
  --set image.tag=1.5 \
  --set kubernetes-configuration-crds.enabled=true \
  --set env.ENABLE_CONTROLLER_KONNECT=true

Create a KonnectAPIAuthConfiguration resource

 
kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: konnect-api-auth
  namespace: kong
spec:
  type: token
  token: "'$KONNECT_TOKEN'"
  serverURL: us.api.konghq.com
' | kubectl apply -f -

Create a KonnectGatewayControlPlane resource

 
echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: gateway-control-plane
  namespace: kong
spec:
  name: gateway-control-plane
  konnect:
    authRef:
      name: konnect-api-auth
' | kubectl apply -f -

Create a KongService

In this tutorial, we’ll bind a plugin to Kong Gateway entities, like a Route, using the KongPluginBinding CRD.

First, create a Gateway Service in Konnect Gateway Manager using the KongService CRD:

echo '
kind: KongService
apiVersion: configuration.konghq.com/v1alpha1
metadata:
  name: example-service
  namespace: kong
spec:
  name: example-service
  host: httpbin.konghq.com
  protocol: http
  controlPlaneRef:
    type: konnectNamespacedRef
    konnectNamespacedRef:
      name: gateway-control-plane
' | kubectl apply -f -

Create a KongRoute

To expose the Service, create a KongRoute associated with the KongService defined previously:

echo '
kind: KongRoute
apiVersion: configuration.konghq.com/v1alpha1
metadata:
  name: example-route
  namespace: kong
spec:
  name: example-route
  protocols:
  - http
  paths:
  - "/anything"
  serviceRef:
    type: namespacedRef
    namespacedRef:
      name: example-service
' | kubectl apply -f -

Enable a KongPlugin and create a KongPluginBinding

In this tutorial, you’ll enable a simple configuration of the Rate Limiting plugin.

First, enable the plugin:

echo '
kind: KongPlugin
apiVersion: configuration.konghq.com/v1
metadata:
  name: rate-limiting-minute-5
  namespace: kong
plugin: rate-limiting
config:
  policy: local
  minute: 5
  hour: 1000
' | kubectl apply -f -

Then, to bind the plugin to the Route, create a KongPluginBinding:

echo '
kind: KongPluginBinding
apiVersion: configuration.konghq.com/v1alpha1
metadata:
  name: binding-route-example-rate-limiting
  namespace: kong
spec:
  pluginRef:
    kind: KongPlugin
    name: rate-limiting-minute-5
  targets:
    routeRef:
      group: configuration.konghq.com
      kind: KongRoute
      name: example-route
  controlPlaneRef:
    type: konnectNamespacedRef
    konnectNamespacedRef:
      name: gateway-control-plane
' | kubectl apply -f -

Validate

Check that Programmed is True on the binding-route-example-rate-limiting resource:

You can verify the KongPluginBinding was reconciled successfully by checking its Programmed condition.

kubectl get -n kong kongpluginbinding binding-route-example-rate-limiting \
  -o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq

The output should look similar to this:

{
  "observedGeneration": 1,
  "reason": "Programmed",
  "status": "True",
  "type": "Programmed"
}
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support