DB-less Deployments
Kong Gateway Operator can deploy both a Kong Ingress Controller Control Plane and Data Plane resources automatically.
DB-less deployments are powered using the Kubernetes Gateway API.
You configure your GatewayClass
, Gateway
and GatewayConfiguration
objects and Kong Gateway Operator translates those requirements in to Kong specific configuration.
Installation
echo '
kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/v1beta1
metadata:
name: kong
namespace: default
spec:
dataPlaneOptions:
deployment:
podTemplateSpec:
spec:
containers:
- name: proxy
image: kong/kong-gateway:3.9.0.0
readinessProbe:
initialDelaySeconds: 1
periodSeconds: 1
controlPlaneOptions:
deployment:
podTemplateSpec:
spec:
containers:
- name: controller
image: kong/kubernetes-ingress-controller:3.4.1
env:
- name: CONTROLLER_LOG_LEVEL
value: debug
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: kong
spec:
controllerName: konghq.com/gateway-operator
parametersRef:
group: gateway-operator.konghq.com
kind: GatewayConfiguration
name: kong
namespace: default
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: kong
namespace: default
spec:
gatewayClassName: kong
listeners:
- name: http
protocol: HTTP
port: 80
' | kubectl apply -f -
You can now run kubectl get -n default gateway kong
to get the IP address for the running gateway.
Note: if your cluster can not provision LoadBalancer type Services then the IP you receive may only be routable from within the cluster.
Configuring Gateways
A Gateway
resource has subcomponents such as a ControlPlane
and a DataPlane,
which are created and managed on its behalf.
At a deeper technical level, ControlPlane
corresponds with the Kong Ingress Controller and DataPlane
corresponds with the Kong Gateway.
While not required for primary usage, it is possible to provide configuration for these subcomponents using the GatewayConfiguration
API.
That configuration can include the container image and image version to use for the subcomponents, as well as environment and volume mount overrides will be passed down toPods
created for that component.
For example:
kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/v1beta1
metadata:
name: kong
namespace: default
spec:
dataPlaneOptions:
deployment:
podTemplateSpec:
spec:
containers:
- name: proxy
image: kong/kong-gateway:3.9.0.0
env:
- name: TEST_VAR
value: TEST_VAL
controlPlaneOptions:
deployment:
podTemplateSpec:
spec:
containers:
- name: controller
image: kong/kubernetes-ingress-controller:3.4.1
env:
- name: TEST_VAR
value: TEST_VAL
Configurations like the above can be created on the API, but won’t be active until referenced by a GatewayClass
:
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: kong
spec:
controllerName: konghq.com/gateway-operator
parametersRef:
group: gateway-operator.konghq.com
kind: GatewayConfiguration
name: kong
namespace: default
With the parametersRef
in the above GatewayClass
being used to attach the GatewayConfiguration
, that configuration will start applying to all Gateway
resources created for that class, and will retroactively apply to any Gateway
resources previously created.
Kong Gateway Enterprise
You can use Kong Gateway Enterprise as the data plane using the following steps:
Note: The license secret, the
GatewayConfiguration
, and theGateway
MUST be created in the same namespace.
-
Create a secret with the Kong license in the namespace you intend to use for deploying the gateway.
kubectl create secret generic kong-enterprise-license --from-file=license=<license-file> -n <your-namespace>
-
Create a
GatewayConfiguration
specifying the enterprise container image and the environment variable referencing the license secret. The operator will use the image and the environment variable specified in theGatewayConfiguration
to customize the dataplane. As the result, the dataplane will usekong/kong-gateway:3.9.0.0
as the image and mount the license secret.kind: GatewayConfiguration apiVersion: gateway-operator.konghq.com/v1beta1 metadata: name: kong namespace: <your-namespace> spec: dataPlaneOptions: deployment: podTemplateSpec: spec: containers: - name: proxy image: kong/kong-gateway:3.9.0.0 env: - name: KONG_LICENSE_DATA valueFrom: secretKeyRef: key: license name: kong-enterprise-license
-
Create a
GatewayClass
that references theGatewayConfiguration
above.kind: GatewayClass apiVersion: gateway.networking.k8s.io/v1 metadata: name: kong spec: controllerName: konghq.com/gateway-operator parametersRef: group: gateway-operator.konghq.com kind: GatewayConfiguration name: kong namespace: <your-namespace>
-
And finally create a Gateway that uses the
GatewayClass
above:kind: Gateway apiVersion: gateway.networking.k8s.io/v1 metadata: name: kong namespace: <your-namespace> spec: gatewayClassName: kong listeners: - name: http protocol: HTTP port: 80
-
Wait for the
Gateway
to beReady
:kubectl wait --for=condition=Ready=true gateways.gateway.networking.k8s.io/kong
-
Check that the data plane is using the enterprise image:
$ kubectl get deployment -l konghq.com/gateway-operator=dataplane -o jsonpath='{.items[0].spec.template.spec.containers[0].image}' kong/kong-gateway:3.9.0.0
-
A log message should describe the status of the provided license.
$ kubectl logs $(kubectl get po -l app=$(kubectl get dataplane -o=jsonpath='{.items[0].metadata.name}') -o=jsonpath="{.items[0].metadata.name}") | grep license_helpers.lua 2022/08/29 10:50:55 [error] 2111#0: *8 [lua] license_helpers.lua:194: log_license_state(): The Kong Enterprise license will expire on 2022-09-20. Please contact <support@konghq.com> to renew your license., context: ngx.timer