This guide explains how to configure feature gates and controllers for a ControlPlane in Kong Operator. Feature gates (spec.featureGates) allow you to enable or disable specific features, while controllers (spec.controllers) allow you to enable or disable specific resource reconciliation.
You can use these for the following use cases:
Feature gates control the availability of features in the ControlPlane. They follow the same concept as Kubernetes feature gates.
To configure feature gates, use the spec.featureGates field in your ControlPlane resource:
apiVersion: gateway-operator.konghq.com/v2beta1
kind: ControlPlane
metadata:
name: my-controlplane
spec:
featureGates:
- name: GatewayAlpha
state: enabled
- name: FillIDs
state: enabled
dataplane:
type: managedByOwner
The following feature gates are available:
|
Feature gate |
Default |
Description |
|---|---|---|
GatewayAlpha
|
false
|
Enables alpha maturity Gateway API features. |
FillIDs
|
true
|
Makes KIC fill in ID fields of Kong Gateway entities (Gateway Services, Routes, Consumers) to ensure stable IDs across restarts. |
RewriteURIs
|
false
|
Enables the konghq.com/rewrite annotation.
|
KongServiceFacade
|
false
|
Enables KongServiceFacade Custom Resource reconciliation.
|
SanitizeKonnectConfigDumps
|
true
|
Enables sanitization of Konnect config dumps. |
FallbackConfiguration
|
false
|
Enables generating fallback configuration when the Kong Gateway Admin API returns entity errors. |
KongCustomEntity
|
true
|
Enables KongCustomEntity Custom Resource reconciliation for custom Kong Gateway entities.
|
Controllers determine which Kubernetes resources the ControlPlane will reconcile. You can selectively enable or disable controllers based on your needs.
To configure controllers, use the spec.controllers field in your ControlPlane resource:
apiVersion: gateway-operator.konghq.com/v2beta1
kind: ControlPlane
metadata:
name: my-controlplane
spec:
controllers:
- name: INGRESS_NETWORKINGV1
state: enabled
- name: SERVICE
state: enabled
- name: KONG_PLUGIN
state: enabled
- name: GWAPI_GATEWAY
state: disabled
- name: GWAPI_HTTPROUTE
state: disabled
dataplane:
type: managedByOwner
The following tables describe which controllers are available by product or tool.
The following Ingress controllers are available in Kong Operator:
|
Controller name |
Enabled by default |
Description |
|---|---|---|
INGRESS_NETWORKINGV1
|
Yes | Manages Kubernetes Ingress resources (networking/v1). |
INGRESS_CLASS_NETWORKINGV1
|
Yes | Manages Kubernetes IngressClass resources (networking/v1). |
INGRESS_CLASS_PARAMETERS
|
Yes | Manages IngressClass parameters. |
The following Kong Gateway controllers are available in Kong Operator:
|
Controller name |
Enabled by default |
Description |
|---|---|---|
KONG_CLUSTERPLUGIN
|
Yes | Manages Kong cluster-scoped plugin resources. |
KONG_PLUGIN
|
Yes | Manages Kong plugin resources. |
KONG_CONSUMER
|
Yes | Manages Kong consumer resources. |
KONG_UPSTREAM_POLICY
|
Yes | Manages Kong upstream policy resources. |
KONG_SERVICE_FACADE
|
Yes | Manages Kong service facade resources. |
KONG_VAULT
|
Yes | Manages Kong vault resources. |
KONG_LICENSE
|
Yes | Manages Kong license resources. |
KONG_CUSTOM_ENTITY
|
Yes | Manages Kong custom entity resources. |
The following kubernetes core controllers are available in Kong Operator:
|
Controller name |
Enabled by default |
Description |
|---|---|---|
SERVICE
|
Yes | Manages Kubernetes Service resources. |
The following Gateway API controllers are available in Kong Operator:
|
Controller name |
Enabled by default |
Description |
|---|---|---|
GWAPI_GATEWAY
|
Yes | Manages Gateway API Gateway resources. |
GWAPI_HTTPROUTE
|
Yes | Manages Gateway API HTTPRoute resources. |
GWAPI_GRPCROUTE
|
Yes | Manages Gateway API GRPCRoute resources. |
GWAPI_REFERENCE_GRANT
|
Yes | Manages Gateway API ReferenceGrant resources. |
You can verify your configuration by checking the ControlPlane status:
kubectl get controlplane my-controlplane -o jsonpath='{.status}' | jq .
The status will show which feature gates and controllers are active.
The following sections provide examples using feature gates and controllers for common use cases.
Use the following example to enable full Gateway API support:
apiVersion: gateway-operator.konghq.com/v2beta1
kind: ControlPlane
metadata:
name: gateway-api-controlplane
spec:
featureGates:
- name: GatewayAlpha
state: enabled
controllers:
- name: GWAPI_GATEWAY
state: enabled
- name: GWAPI_HTTPROUTE
state: enabled
- name: GWAPI_GRPCROUTE
state: enabled
- name: GWAPI_REFERENCE_GRANT
state: enabled
dataplane:
type: managedByOwner
Use the following example for a minimal setup that only manages Ingress resources:
apiVersion: gateway-operator.konghq.com/v2beta1
kind: ControlPlane
metadata:
name: ingress-only-controlplane
spec:
controllers:
- name: INGRESS_NETWORKINGV1
state: enabled
- name: INGRESS_CLASS_NETWORKINGV1
state: enabled
- name: SERVICE
state: enabled
# Disable all other controllers
- name: KONG_PLUGIN
state: disabled
- name: KONG_CONSUMER
state: disabled
- name: GWAPI_GATEWAY
state: disabled
- name: GWAPI_HTTPROUTE
state: disabled
dataplane:
type: managedByOwner
Use the following example to enable experimental features like URI rewriting and fallback configuration:
apiVersion: gateway-operator.konghq.com/v2beta1
kind: ControlPlane
metadata:
name: experimental-controlplane
spec:
featureGates:
- name: RewriteURIs
state: enabled
- name: FallbackConfiguration
state: enabled
- name: KongServiceFacade
state: enabled
dataplane:
type: managedByOwner