deck file kong2tf
The kong2tf
subcommand transforms Kong’s configuration files, written in the decK format, into Terraform resources. This tool serves as a bridge for deploying API configurations from decK files directly to Kong Konnect, facilitating integration into the final stages of an APIOps pipeline. Essentially, kong2tf
translates the desired API configurations into a format that Terraform can deploy, ensuring that the API’s intended state is accurately reflected in the Konnect environment.
Let’s see an example of how the following decK state file is converted to Terraform resources.
Syntax
deck file kong2tf [command-specific flags] [global flags]
Examples
deck file kong2tf -s ./kong.yaml --generate-imports-for-control-plane-id "0dea9abf-074a-4988-bdd6-c9ea1ea25d4b" --ignore-credential-changes
Flags
-
-g
,--generate-imports-for-control-plane-id
-
import
blocks will be added to Terraform to adopt existing resources. Typically used afterdeck gateway dump --with-id
to obtain the IDs of all entities. --ignore-credential-changes
- credentials will be ignored until they are destroyed and recreated.
-
-o
,--output-file
- Output file to write to. Use
-
to write to stdout. (Default:"-"
) -
-s
,--state
- decK state file to process. Use
-
to read from stdin. (Default:"-"
) -
-h
,--help
- Help for kong2tf.
Global flags
--analytics
- Share anonymized data to help improve decK.
Use
--analytics=false
to disable this. (Default:true
) --ca-cert
- Custom CA certificate (raw contents) to use to verify Kong’s Admin TLS certificate.
This value can also be set using DECK_CA_CERT environment variable.
This takes precedence over
--ca-cert-file
flag. --ca-cert-file
- Path to a custom CA certificate to use to verify Kong’s Admin TLS certificate. This value can also be set using DECK_CA_CERT_FILE environment variable.
--config
- Config file (default is $HOME/.deck.yaml).
--headers
- HTTP headers (key:value) to inject in all requests to Kong’s Admin API. This flag can be specified multiple times to inject multiple headers.
--kong-addr
- HTTP address of Kong’s Admin API.
This value can also be set using the environment variable DECK_KONG_ADDR
environment variable. (Default:
"http://localhost:8001"
) --kong-cookie-jar-path
- Absolute path to a cookie-jar file in the Netscape cookie format for auth with Admin Server. You may also need to pass in as header the User-Agent that was used to create the cookie-jar.
--konnect-addr
- Address of the Konnect endpoint. (Default:
"https://us.api.konghq.com"
) --konnect-token
- Token associated with your Konnect account. This takes precedence over the
--konnect-token-file
flag. --konnect-token-file
- File containing the token associated with your Konnect account.
--konnect-control-plane-name
- Konnect control plane name.
--no-color
- Disable colorized output (Default:
false
) --skip-workspace-crud
- Skip API calls related to Workspaces (Kong Gateway Enterprise only). (Default:
false
) --timeout
- Set a request timeout for the client to connect with Kong (in seconds). (Default:
10
) --tls-client-cert
- PEM-encoded TLS client certificate to use for authentication with Kong’s Admin API. This value can also be set using DECK_TLS_CLIENT_CERT environment variable. Must be used in conjunction with tls-client-key
--tls-client-cert-file
- Path to the file containing TLS client certificate to use for authentication with Kong’s Admin API. This value can also be set using DECK_TLS_CLIENT_CERT_FILE environment variable. Must be used in conjunction with tls-client-key-file
--tls-client-key
- PEM-encoded private key for the corresponding client certificate . This value can also be set using DECK_TLS_CLIENT_KEY environment variable. Must be used in conjunction with tls-client-cert
--tls-client-key-file
- Path to file containing the private key for the corresponding client certificate. This value can also be set using DECK_TLS_CLIENT_KEY_FILE environment variable. Must be used in conjunction with tls-client-cert-file
--tls-server-name
- Name to use to verify the hostname in Kong’s Admin TLS certificate. This value can also be set using DECK_TLS_SERVER_NAME environment variable.
--tls-skip-verify
- Disable verification of Kong’s Admin TLS certificate.
This value can also be set using DECK_TLS_SKIP_VERIFY environment variable. (Default:
false
) --verbose
- Enable verbose logging levels
Setting this value to 2 outputs all HTTP requests/responses
between decK and Kong. (Default:
0
)
See also
File subcommands:
- deck file add-plugins - Add plugins to objects in a decK file
- deck file add-tags - Add tags to objects in a decK file
- deck file convert - Convert files from one format into another format
- deck file kong2kic - Convert decK state files to Kong Ingress Controller kubernetes manifests.
- deck file kong2tf - Convert decK state files to Terraform resources.
- deck file lint - Validate a file against a ruleset
- deck file list-tags - List current tags from objects in a decK file
- deck file merge - Merge multiple decK files into one
- deck file namespace - Apply a namespace to routes in a decK file by prefixing the path.
- deck file openapi2kong - Convert OpenAPI specifications to Kong’s decK format
- deck file patch - Apply patches on top of a decK file
- deck file remove-tags - Remove tags from objects in a decK file
- deck file render - Combines multiple complete configuration files and renders them as one Kong declarative config file.
- deck file validate - Locally validates the state file for basic structure or relationship errors.