Skip to content
Kong Gateway 2.8 Increases Security and Simplifies API Management.  —Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Konnect Cloud
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Kong Konnect Platform

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Request Demo
  • Kong Gateway
  • Konnect Cloud
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Kong Konnect Platform

  • Docs contribution guidelines
  • 1.12.x (latest)
  • 1.11.x
  • 1.10.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • pre-1.7
    • Terminology
    • Architecture
    • Compatibility Promise
    • Getting Started with decK
    • Backup and Restore
    • Configuration as Code and GitOps
    • Distributed Configuration
    • Best Practices
    • Using decK with Kong Gateway (Enterprise)
    • Using Multiple Files to Store Configuration
    • De-duplicate Plugin Configuration
    • Set Up Object Defaults
    • Using environment variables with decK
    • deck completion
    • deck convert
    • deck diff
    • deck dump
    • deck ping
    • deck reset
    • deck sync
    • deck validate
    • deck version
    • deck konnect
    • deck konnect diff
    • deck konnect dump
    • deck konnect ping
    • deck konnect sync

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Compatibility
  • Entities managed by decK
  • RBAC
  • Workspaces
    • Manage one workspace at a time
    • Manage multiple workspaces
decK
1.10.x
  • Open Source
  • decK
  • Guides
You are browsing documentation for an outdated version. See the latest documentation here.

decK and Kong Gateway (Enterprise)

All features of decK work with both Kong Gateway (OSS) and Kong Gateway.

For Kong Gateway, decK provides a few additional features leveraging the power of enterprise features.

Compatibility

decK is compatible with Kong Gateway 0.35 and above.

Entities managed by decK

decK manages only the core proxy entities in Kong Gateway. It doesn’t manage enterprise-only entities such as admins, RBAC permissions, RBAC roles, or any entities related to Dev Portal.

RBAC

You should have authentication and RBAC configured for Kong’s Admin API. Supply the RBAC token to decK so that decK can authenticate itself against the Admin API.

Use the --headers flag to pass the RBAC token to decK. For example, you can pass the token as a string:

deck diff --headers "kong-admin-token:<your-token>"

However, passing the token directly is not secure and should only be used for testing. The command and all of its flags are logged to your shell’s history file, potentially leaking the token.

For a more secure approach, you can store the token in a file and load the file as you execute the command. For example:

deck diff --headers "kong-admin-token:$(cat token.txt)"

You can also use the DECK_HEADERS environment variable to supply the same token with an environment variable.

It is advised that you do not use an RBAC token with super admin privileges with decK, and always scope down the exact permissions you need to give decK.

Workspaces

decK is workspace-aware, meaning it can interact with multiple workspaces.

Manage one workspace at a time

To manage the configuration of a specific workspace, use the --workspace flag with sync, diff, ping, dump, or reset. For example, to export the configuration of the workspace my-workspace:

deck dump --workspace my-workspace

If you do not specify a --workspace flag, decK uses the default workspace.

To set a workspace directly in the state file, use the _workspace parameter. For example:

_format_version: "1.1"
_workspace: default
services:
- name: example_service

Note: decK cannot delete workspaces. If you use --workspace or --all-workspaces with deck reset, decK deletes the entire configuration inside the workspace, but not the workspace itself.

Manage multiple workspaces

You can manage the configurations of all workspaces in Kong Gateway with the --all-workspaces flag:

deck dump --all-workspaces

This creates one configuration file per workspace, or applies one file to all workspaces.

Be careful when using this flag to avoid overwriting the wrong workspace. We recommend using the singular --workspace flag in most situations.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2022