Home / Kong Operator / Konnect / Reference
Edit
Report

Migrate Konnect DataPlanes from Kong Gateway Operator 1.4 to 1.5

Uses: Kong Operator
Related Documentation
Operator Documentation

This document helps to migrate from the gateway-operator.konghq.com to the konnect.konghq.com KonnectExtension.

  1. Label the certificate Secret:

     kubectl label secret -n kong konnect-client-tls konghq.com/konnect-dp-cert=true

  2. Install new kubernetes-configuration CRDs:

     kustomize build https://github.com/kong/kubernetes-configuration/crd/gateway-operator | kubectl apply --server-side -f -

    To verify version compatibility with kubernetes-configuration CRDs, please consult the version compatibility table.

    Note: In case CRDs were installed via helm you might need to force conflicts:

     kustomize build https://github.com/kong/kubernetes-configuration/crd/gateway-operator | kubectl apply --server-side --force-conflicts -f -

  3. Upgrade to new controller version (e.g. set the image.tag in values.yaml to v1.5.0)

  4. Create:

    1. KonnectAPIAuthConfiguration with your Konnect API token (create one here), for example:

       echo '
 kind: KonnectAPIAuthConfiguration
 apiVersion: konnect.konghq.com/v1alpha1
 metadata:
   name: konnect-api-auth
   namespace: kong
 spec:
   type: token
   token: kpat_XXXXXXXXX
   serverURL: us.api.konghq.com' | kubectl apply -f -

    2. New KonnectExtension using the konnect.konghq.com API group and reference the Konnect CP by KonnectID.

      For example, the following KonnectExtension from 1.4 (using the gateway-operator.konghq.com API group):

       kind: KonnectExtension
 apiVersion: gateway-operator.konghq.com/v1alpha1
 metadata:
   name: example-konnect-config
   namespace: kong
 spec:
   controlPlaneRef:
     type: konnectID
     konnectID: <CP_ID>
   controlPlaneRegion: <REGION> # This will be inferred in 1.5+ using the Konnect API
   serverHostname: <HOSTNAME>   # This will be inferred in 1.5+ using the Konnect API
   konnectControlPlaneAPIAuthConfiguration:
     clusterCertificateSecretRef:
       name: konnect-client-tls

      Would translate into following KonnectExtension in 1.5 (using the konnect.konghq.com API group):

       kind: KonnectExtension
 apiVersion: konnect.konghq.com/v1alpha1
 metadata:
   name: example-konnect-config
   namespace: kong
 spec:
   konnect:
     controlPlane:
       ref:
         type: konnectID
         konnectID: a6554c4c-79a6-4db7-b7a4-201c0cf746ba # The Konnect controlPlane ID
     configuration:
       authRef:
         name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object
   clientAuth:
     certificateSecret:
       provisioning: Manual
       secretRef:
         name: konnect-client-tls

  5. Ensure that your DataPlane, ControlPlane and GatewayConfiguration objects use the new extension: by verifying the extensions field in the spec:

     spec:
   extensions:
   - kind: KonnectExtension
     name: my-konnect-config
     group: konnect.konghq.com # Ensure that group matches this value.

  6. Remove the finalizer from the old extension:

     kubectl patch konnectextensions.gateway-operator.konghq.com example-konnect-config -n kong -p '{"metadata":{"finalizers":null}}' --type=merge

  7. Delete the old gateway-operator.konghq.com KonnectExtension.

Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support