Create a Key and Key Set
Uses:
Kong Gateway Operator
TL;DR
Create KongKey and KongKeySet resources and associate them using the keySetRef field.
Prerequisites
Kong Konnect
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
- The following Konnect items are required to complete this tutorial:
- Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
-
Set the personal access token as an environment variable:
export KONNECT_TOKEN='YOUR KONNECT TOKEN'Copied to clipboard!
Create a KongKey
Use the KongKey resource to define a Key in Konnect. You can create PEM or JWK keys.
echo '
kind: KongKey
apiVersion: configuration.konghq.com/v1alpha1
metadata:
name: key
namespace: kong
spec:
controlPlaneRef:
type: konnectNamespacedRef
konnectNamespacedRef:
name: gateway-control-plane
kid: key-id
name: key
pem:
private_key: |
-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4f5Ur6EzZKsfu0ct
QCmmbCkUohHp6lAgGGmVmQpj5Xrx5jrjGWWdDAF1ADFPh/XMC58iZFaX33UpGOUn
tuWbJQIDAQABAkEAxqXvvL2+1iNRbiY/kWHLBtIJb/i9G5i4zZypwe+PJduIPRlH
4bFHih8sHtYt5rEs4RnT0SJnZN1HKhJcisVLdQIhAPKboGS0dTprmMLrAXQh15p7
xz4XUbZrNqPct+hqa5JXAiEA7nfrjPYm2UXKRzvFo9Zbd9K/Y3M0Xas9LsXdRaO8
6OMCIAhkX8D8CQ4TSL59WJiGzyl13KeGMPppbQNwECCHBd+TAiB8dDOHprORsz2l
PYmhPu8PsvpVkbtjo0nUDkmz3Ydq1wIhAIMCsZQ7A3H/kN88aYsqKeGg9c++yqIP
/9xIOKHsjlB4
-----END PRIVATE KEY-----
public_key: |
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOH+VK+hM2SrH7tHLUAppmwpFKIR6epQ
IBhplZkKY+V68eY64xllnQwBdQAxT4f1zAufImRWl991KRjlJ7blmyUCAwEAAQ==
-----END PUBLIC KEY-----
' | kubectl apply -f -
Copied to clipboard!
Create a KongKeySet
Provision a Key Set to logically group related keys.
echo '
kind: KongKeySet
apiVersion: configuration.konghq.com/v1alpha1
metadata:
name: key-set
namespace: kong
spec:
controlPlaneRef:
type: konnectNamespacedRef
konnectNamespacedRef:
name: gateway-control-plane
name: key-set
' | kubectl apply -f -
Copied to clipboard!
Associate a Key with a Key Set
Update the KongKey with a reference to the KongKeySet.
echo '
kind: KongKey
apiVersion: configuration.konghq.com/v1alpha1
metadata:
name: key
namespace: kong
spec:
controlPlaneRef:
type: konnectNamespacedRef
konnectNamespacedRef:
name: gateway-control-plane
kid: key-id
name: key
pem:
private_key: |
-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4f5Ur6EzZKsfu0ct
QCmmbCkUohHp6lAgGGmVmQpj5Xrx5jrjGWWdDAF1ADFPh/XMC58iZFaX33UpGOUn
tuWbJQIDAQABAkEAxqXvvL2+1iNRbiY/kWHLBtIJb/i9G5i4zZypwe+PJduIPRlH
4bFHih8sHtYt5rEs4RnT0SJnZN1HKhJcisVLdQIhAPKboGS0dTprmMLrAXQh15p7
xz4XUbZrNqPct+hqa5JXAiEA7nfrjPYm2UXKRzvFo9Zbd9K/Y3M0Xas9LsXdRaO8
6OMCIAhkX8D8CQ4TSL59WJiGzyl13KeGMPppbQNwECCHBd+TAiB8dDOHprORsz2l
PYmhPu8PsvpVkbtjo0nUDkmz3Ydq1wIhAIMCsZQ7A3H/kN88aYsqKeGg9c++yqIP
/9xIOKHsjlB4
-----END PRIVATE KEY-----
public_key: |
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOH+VK+hM2SrH7tHLUAppmwpFKIR6epQ
IBhplZkKY+V68eY64xllnQwBdQAxT4f1zAufImRWl991KRjlJ7blmyUCAwEAAQ==
-----END PUBLIC KEY-----
keySetRef:
type: namespacedRef
namespacedRef:
name: key-set
' | kubectl apply -f -
Copied to clipboard!
Validation
Check that Programmed is True on the key resource:
You can verify the KongKey was reconciled successfully by checking its Programmed condition.
kubectl get -n kong kongkey key \
-o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq
Copied to clipboard!
The output should look similar to this:
{
"observedGeneration": 1,
"reason": "Programmed",
"status": "True",
"type": "Programmed"
}
Copied to clipboard!
Check that Programmed is True on the key-set resource:
You can verify the KongKeySet was reconciled successfully by checking its Programmed condition.
kubectl get -n kong kongkeyset key-set \
-o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq
Copied to clipboard!
The output should look similar to this:
{
"observedGeneration": 1,
"reason": "Programmed",
"status": "True",
"type": "Programmed"
}
Copied to clipboard!