Install Kong Gateway in Konnect with Helm

Uses: Kong Gateway
Related Documentation
TL;DR

Create a Control Plane in Konnect, populate a values.yaml file with the Control Plane details, and run helm install kong kong/kong --values ./values.yaml -n kong --create-namespace.

Konnect setup

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'
    
    Copied to clipboard!

Helm setup

helm repo add kong https://charts.konghq.com
helm repo update
Copied to clipboard!

Create certificates

Create a certificate and key:

openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout ./tls.key -out ./tls.crt -days 1095 -subj "/CN=kong_clustering"
Copied to clipboard!

Create a Secret containing the certificate:

kubectl create namespace kong
kubectl create secret tls kong-cluster-cert --cert=./tls.crt --key=./tls.key -n kong
Copied to clipboard!

Create a Control Plane

Konnect allows you to create a Control Plane in a single API request.

Create a Control Plane and capture the details for later:

CONTROL_PLANE_DETAILS=$(curl -X POST "https://us.api.konghq.com/v2/control-planes" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "name": "demo-control-plane"
     }')
Copied to clipboard!

Upload the certificates to this Control Plane:

CONTROL_PLANE_ID=$(echo $CONTROL_PLANE_DETAILS | jq -r .id)
CERT=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' tls.crt);
Copied to clipboard!
curl -X POST "https://us.api.konghq.com/v2/control-planes/$CONTROL_PLANE_ID/dp-client-certificates" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "cert": "'$CERT'"
     }'
Copied to clipboard!

Deploy a Data Plane

Export the Control Plane ID and telemetry endpoint for later:

CONTROL_PLANE_ENDPOINT=$(echo $CONTROL_PLANE_DETAILS | jq -r '.config.control_plane_endpoint | sub("https://";"")')
CONTROL_PLANE_TELEMETRY=$(echo $CONTROL_PLANE_DETAILS | jq -r '.config.telemetry_endpoint | sub("https://";"")')
Copied to clipboard!

Create a values-dp.yaml file with the following content:

echo '
ingressController:
 enabled: false
  
image:
 repository: kong/kong-gateway
 tag: ""
  
# Mount the secret created earlier
secretVolumes:
 - kong-cluster-cert
  
env:
  # data_plane nodes do not have a database
  role: data_plane
  database: "off"
  konnect_mode: 'on'
  vitals: "off"
  cluster_mtls: pki

  cluster_control_plane: "'$CONTROL_PLANE_ENDPOINT'"
  cluster_telemetry_endpoint: "'$CONTROL_PLANE_ENDPOINT':443"
  cluster_telemetry_server_name: "'$CONTROL_PLANE_ENDPOINT'"
  cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
  cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key

  lua_ssl_trusted_certificate: system
  proxy_access_log: "off"
  dns_stale_ttl: "3600"
resources:
  requests:
    cpu: 1
    memory: "2Gi"
secretVolumes:
  - kong-cluster-cert
  
# The data plane handles proxy traffic only
proxy:
 enabled: true
  
admin:
 enabled: false
  
manager:
 enabled: false
' > values-dp.yaml
Copied to clipboard!

Deploy the Data Plane using the values-dp.yaml:

helm install kong kong/kong --values ./values-dp.yaml -n kong --create-namespace
Copied to clipboard!

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!