Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
      Docs Contribution Guidelines
      Want to help out, or found an issue in the docs and want to let us know?
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
decK
1.12.x
  • Home icon
  • decK
  • Guides
  • Kong Enterprise
  • decK and Kong Gateway (Enterprise)
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 1.27.x (latest)
  • 1.26.x
  • 1.25.x
  • 1.24.x
  • 1.23.x
  • 1.22.x
  • 1.21.x
  • 1.20.x
  • 1.19.x
  • 1.18.x
  • 1.17.x
  • 1.16.x
  • 1.15.x
  • 1.14.x
  • 1.13.x
  • 1.12.x
  • 1.11.x
  • 1.10.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • pre-1.7
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Compatibility
  • Entities managed by decK
  • RBAC
  • Workspaces
    • Manage one workspace at a time
    • Manage multiple workspaces
You are browsing documentation for an outdated version. See the latest documentation here.

decK and Kong Gateway (Enterprise)

All features of decK work with both Kong Gateway (OSS) and Kong Enterprise.

For Kong Enterprise, decK provides a few additional features leveraging the power of enterprise features.

Compatibility

decK is compatible with Kong Enterprise 0.35 and above.

Entities managed by decK

decK manages only the core proxy entities in Kong Enterprise. It doesn’t manage enterprise-only entities such as admins, RBAC permissions, RBAC roles, or any entities related to Dev Portal.

For a full list, see the reference for entities managed by decK.

RBAC

If you have authentication and RBAC configured for Kong’s Admin API, provide the RBAC token to decK so that decK can authenticate itself against the Admin API.

Use the --headers flag to pass the RBAC token to decK. For example, you can pass the token as a string:

deck diff --headers "kong-admin-token:<your-token>"

However, passing the token directly is not secure and should only be used for testing. The command and all of its flags are logged to your shell’s history file, potentially leaking the token.

For a more secure approach, you can store the token in a file and load the file as you execute the command. For example:

deck diff --headers "kong-admin-token:$(cat token.txt)"

You can also use the DECK_HEADERS environment variable to supply the same token with an environment variable.

It is advised that you do not use an RBAC token with super admin privileges with decK, and always scope down the exact permissions you need to give decK.

Workspaces

decK is workspace-aware, meaning it can interact with multiple workspaces.

Manage one workspace at a time

To manage the configuration of a specific workspace, use the --workspace flag with sync, diff, ping, dump, or reset. For example, to export the configuration of the workspace my-workspace:

deck dump --workspace my-workspace

If you do not specify a --workspace flag, decK uses the default workspace.

To set a workspace directly in the state file, use the _workspace parameter. For example:

_format_version: "3.0"
_workspace: default
services:
- name: example_service

Note: decK cannot delete workspaces. If you use --workspace or --all-workspaces with deck reset, decK deletes the entire configuration inside the workspace, but not the workspace itself.

Manage multiple workspaces

You can manage the configurations of all workspaces in Kong Enterprise with the --all-workspaces flag:

deck dump --all-workspaces

This creates one configuration file per workspace.

However, since a workspace is an isolated unit of configuration, decK doesn’t allow the deployment of multiple workspaces at a time. Therefore, each workspace configuration file must be deployed individually:

deck sync -s workspace1.yaml --workspace workspace1
deck sync -s workspace2.yaml --workspace workspace2

Be careful when using the --all-workspaces flag to avoid overwriting the wrong workspace. We recommend using the singular --workspace flag in most situations.

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023