docs(kgo): add DP Client Certificate entity guide

Kong · Oct 28, 2024 · abcf11a · abcf11a
1 parent 8da99cf
commit abcf11a
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 0 deletions.
diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml
@@ -117,6 +117,12 @@ items:
             url: /guides/konnect-entities/key-and-keyset/
           - text: Upstream and Targets
             url: /guides/konnect-entities/upstream-and-target/
+          - text: Certificate and CA Certificate
+            url: /guides/konnect-entities/certificate-and-cacertificate/
+          - text: Vault
+            url: /guides/konnect-entities/vault/
+          - text: Data Plane Client Certificate
+            url: /guides/konnect-entities/dpcertificate/
           - text: Tagging and Labeling
             url: /guides/konnect-entities/tagging-and-labeling/
   - title: Reference

diff --git a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md
@@ -0,0 +1,68 @@
+---
+title: Data Plane Client Certificate
+---
+
+In this guide you'll learn how to use the `KongDataPlaneClientCertificate` custom resource to manage
+Konnect [Vault](/konnect/gateway-manager/configuration/#vaults) natively from your Kubernetes cluster.
+
+{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release
+with-control-plane=true %}
+
+## Create a Data Plane Client Certificate 
+
+Creating the `KongDataPlaneClientCertificate` object in your Kubernetes cluster will provision a Data Plane Client Certificate in
+your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release
+}}/reference/custom-resources/#kongdataplaneclientcertificate) to see all the available fields.
+
+Your `KongDataPlaneClientCertificate` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster.
+It will make it part of the Gateway Control Plane's configuration.
+
+To create a `KongDataPlaneClientCertificate`, you can apply the following YAML manifest:
+
+```yaml
+echo '
+kind: KongDataPlaneClientCertificate
+apiVersion: configuration.konghq.com/v1alpha1
+metadata:
+  name: dp-cert
+  namespace: default
+spec:
+  controlPlaneRef:
+    type: konnectNamespacedRef # This indicates that an in cluster reference is used
+    konnectNamespacedRef:
+      name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object
+  cert: | # Sample certificate in PEM format, replace with your own
+      -----BEGIN CERTIFICATE-----
+      MIIB4TCCAYugAwIBAgIUAenxUyPjkSLCe2BQXoBMBacqgLowDQYJKoZIhvcNAQEL
+      BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+      GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEwMjgyMDA3NDlaFw0zNDEw
+      MjYyMDA3NDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+      HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF
+      AANLADBIAkEAyzipjrbAaLO/yPg7lL1dLWzhqNdc3S4YNR7f1RG9whWhbsPE2z42
+      e6WGFf9hggP6xjG4qbU8jFVczpd1UPwGbQIDAQABo1MwUTAdBgNVHQ4EFgQUkPPB
+      ghj+iHOHAKJlC1gLbKT/ZHQwHwYDVR0jBBgwFoAUkPPBghj+iHOHAKJlC1gLbKT/
+      ZHQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBALfy49GvA2ld+u+G
+      Koxa8kCt7uywoqu0hfbBfUT4HqmXPvsuhz8RinE5ltxId108vtDNlD/+bKl+N5Ub
+      qKjBs0k=
+      -----END CERTIFICATE-----
+  ' | kubectl apply -f -
+```
+
+You can verify the `KongDataPlaneClientCertificate` was reconciled successfully by checking its `Programmed` condition.
+
+```shell
+kubectl get kongdataplaneclientcertificate dp-cert -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")'
+```
+
+The output should look similar to this:
+
+```console
+{
+  "observedGeneration": 1,
+  "reason": "Programmed",
+  "status": "True",
+  "type": "Programmed"
+}
+```
+
+At this point, you should see the Data Plane Client Certificate in the Gateway Manager UI.