Tagging and Labeling
Tags and labels are a way to organize and categorize your resources. In this guide, you’ll learn how to annotate your Konnect entities managed by Kong Gateway Operator with tags and labels (depending on particular entity’s support for those).
Prerequisites: Install Kong Gateway Operator and create a valid KonnectAPIAuthConfiguration in your cluster.
Prerequisites
Install Kong Gateway Operator
Update the Helm repository:
helm repo add kong https://charts.konghq.com
helm repo update kong
Install Kong Gateway Operator with Helm:
helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace --set image.tag=1.4 \
--set kubernetes-configuration-crds.enabled=true \
--set env.ENABLE_CONTROLLER_KONNECT=true
You can wait for the operator to be ready using kubectl wait
:
kubectl -n kong-system wait --for=condition=Available=true --timeout=120s deployment/kgo-gateway-operator-controller-manager
Create an access token in Konnect
You may create either a Personal Access Token (PAT) or a Service Account Token (SAT) in Konnect. Please refer to the
Konnect authentication documentation for more information. You will need this token
to create a KonnectAPIAuthConfiguration
object that will be used by the Kong Gateway Operator to authenticate
with Konnect APIs.
Create a Kong Konnect API auth configuration
Depending on your preferences, you can create a KonnectAPIAuthConfiguration
object with the token specified
directly in its spec or as a reference to a Kubernetes Secret. The serverURL
field should be set to the Konnect API
URL in a region where your Kong Konnect account is located. Please refer to the list of available API URLs
for more information.
You can verify the KonnectAPIAuthConfiguration
object was reconciled successfully by checking its status.
kubectl get konnectapiauthconfiguration konnect-api-auth
The output should look like this:
NAME VALID ORGID SERVERURL
konnect-api-auth True <your-konnect-org-id> https://us.api.konghq.tech
Labeling
Labels are key-value pairs that you can attach to objects. As of now, the only Konnect entity that supports labeling is
the KonnectGatewayControlPlane. You can add labels to
the KonnectGatewayControlPlane
object by specifying the labels
field in the spec
section.
echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha1
metadata:
name: gateway-control-plane
namespace: default
spec:
labels: # Arbitrary key-value pairs
environment: production
team: devops
name: gateway-control-plane
konnect:
authRef:
name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object
' | kubectl apply -f -
You can verify the control plane was reconciled successfully by checking its status.
kubectl get konnectgatewaycontrolplanes.konnect.konghq.com gateway-control-plane
The output should look similar to this:
NAME PROGRAMMED ID ORGID
gateway-control-plane True <konnect-control-plane-id> <your-konnect-ord-id>
At this point, labels should be visible in the Gateway Manager UI.
Tagging
Tags are values that you can attach to objects. All the Kong Konnect entities that can be attached to a
KonnectGatewayControlPlane
object support tagging. You can add tags to those entities by specifying the tags
field
in their spec
section.
For example, to add tags to a KongService
object, you can apply the following YAML manifest:
echo '
kind: KongService
apiVersion: configuration.konghq.com/v1alpha1
metadata:
name: service
namespace: default
spec:
tags: # Arbitrary list of strings
- production
- devops
name: service
host: example.com
controlPlaneRef:
type: konnectNamespacedRef
konnectNamespacedRef:
name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object
' | kubectl apply -f -
You can verify the KongService
was reconciled successfully by checking its Programmed
condition.
kubectl get kongservice service -o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq
The output should look similar to this:
{
"observedGeneration": 1,
"reason": "Programmed",
"status": "True",
"type": "Programmed"
}
At this point, tags should be visible in the Gateway Manager UI.