From b6cb2a5613e924f2fa2967248b3f1e7920fff34a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Thu, 24 Oct 2024 14:09:56 +0200 Subject: [PATCH 01/17] docs(kgo): prepare v1.4.x --- app/gateway-operator/changelog.md | 114 ++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/app/gateway-operator/changelog.md b/app/gateway-operator/changelog.md index 37d631ece459..6052f3fb3637 100644 --- a/app/gateway-operator/changelog.md +++ b/app/gateway-operator/changelog.md 
@@ -5,6 +5,120 @@ no_version: true Changelog for supported {{ site.kgo_product_name }} versions. +## 1.4.0 + +**Release Date** TBA + +### Added + +- Proper `User-Agent` header is now set on outgoing HTTP requests. + [#387](https://github.com/Kong/gateway-operator/pull/387) +- Introduce `KongPluginInstallation` CRD to allow installing custom Kong + plugins distributed as container images. + [#400](https://github.com/Kong/gateway-operator/pull/400), [#424](https://github.com/Kong/gateway-operator/pull/424), [#474](https://github.com/Kong/gateway-operator/pull/474), [#560](https://github.com/Kong/gateway-operator/pull/560), [#615](https://github.com/Kong/gateway-operator/pull/615), [#476](https://github.com/Kong/gateway-operator/pull/476) +- Extended `DataPlane` API with a possibility to specify `PodDisruptionBudget` to be + created for the `DataPlane` deployments via `spec.resources.podDisruptionBudget`. + [#464](https://github.com/Kong/gateway-operator/pull/464) +- Add `KonnectAPIAuthConfiguration` reconciler. + [#456](https://github.com/Kong/gateway-operator/pull/456) +- Add support for Konnect tokens in `Secrets` in `KonnectAPIAuthConfiguration` + reconciler. + [#459](https://github.com/Kong/gateway-operator/pull/459) +- Add `KonnectControlPlane` reconciler. + [#462](https://github.com/Kong/gateway-operator/pull/462) +- Add `KongService` reconciler for Konnect control planes. + [#470](https://github.com/Kong/gateway-operator/pull/470) +- Add `KongUpstream` reconciler for Konnect control planes. + [#593](https://github.com/Kong/gateway-operator/pull/593) +- Add `KongConsumer` reconciler for Konnect control planes. + [#493](https://github.com/Kong/gateway-operator/pull/493) +- Add `KongRoute` reconciler for Konnect control planes. + [#506](https://github.com/Kong/gateway-operator/pull/506) +- Add `KongConsumerGroup` reconciler for Konnect control planes. 
+ [#510](https://github.com/Kong/gateway-operator/pull/510) +- Add `KongCACertificate` reconciler for Konnect CA certificates. + [#626](https://github.com/Kong/gateway-operator/pull/626) +- Add `KongCertificate` reconciler for Konnect Certificates. + [#643](https://github.com/Kong/gateway-operator/pull/643) +- Added command line flags to configure the certificate generator job's images. + [#516](https://github.com/Kong/gateway-operator/pull/516) +- Add `KongPluginBinding` reconciler for Konnect Plugins. + [#513](https://github.com/Kong/gateway-operator/pull/513), [#535](https://github.com/Kong/gateway-operator/pull/535) +- Add `KongTarget` reconciler for Konnect Targets. + [#627](https://github.com/Kong/gateway-operator/pull/627) +- Add `KongVault` reconciler for Konnect Vaults. + [#597](https://github.com/Kong/gateway-operator/pull/597) +- Add `KongKey` reconciler for Konnect Keys. + [#646](https://github.com/Kong/gateway-operator/pull/646) +- Add `KongKeySet` reconciler for Konnect KeySets. + [#657](https://github.com/Kong/gateway-operator/pull/657) +- Add `KongDataPlaneClientCertificate` reconciler for Konnect DataPlaneClientCertificates. + [#694](https://github.com/Kong/gateway-operator/pull/694) +- The `KonnectExtension` CRD has been introduced. Such a CRD can be attached + to a `DataPlane` via the extensions field to have a konnect-flavored `DataPlane`. + [#453](https://github.com/Kong/gateway-operator/pull/453), + [#578](https://github.com/Kong/gateway-operator/pull/578), + [#736](https://github.com/Kong/gateway-operator/pull/736) +- Entities created in Konnect are now labeled (or tagged for those that does not + support labels) with origin Kubernetes object's metadata: `k8s-name`, `k8s-namespace`, + `k8s-uid`, `k8s-generation`, `k8s-kind`, `k8s-group`, `k8s-version`. + [#565](https://github.com/Kong/gateway-operator/pull/565) +- Add `KongService`, `KongRoute`, `KongConsumer`, and `KongConsumerGroup` watchers + in the `KongPluginBinding` reconciler. 
+ [#571](https://github.com/Kong/gateway-operator/pull/571) +- Annotating the following resource with the `konghq.com/plugins` annotation results in + the creation of a managed `KongPluginBinding` resource: + - `KongService` [#550](https://github.com/Kong/gateway-operator/pull/550) + - `KongRoute` [#644](https://github.com/Kong/gateway-operator/pull/644) + - `KongConsumer` [#676](https://github.com/Kong/gateway-operator/pull/676) + - `KongConsumerGroup` [#684](https://github.com/Kong/gateway-operator/pull/684) + These `KongPluginBinding`s are taken by the `KongPluginBinding` reconciler + to create the corresponding plugin objects in Konnect. +- `KongConsumer` associated with `ConsumerGroups` is now reconciled in Konnect by removing/adding + the consumer from/to the consumer groups. + [#592](https://github.com/Kong/gateway-operator/pull/592) +- Add support for `KongConsumer` credentials: + - basic-auth [#625](https://github.com/Kong/gateway-operator/pull/625) + - API key [#635](https://github.com/Kong/gateway-operator/pull/635) + - ACL [#661](https://github.com/Kong/gateway-operator/pull/661) + - JWT [#678](https://github.com/Kong/gateway-operator/pull/678) + - HMAC Auth [#687](https://github.com/Kong/gateway-operator/pull/687) +- Add support for `KongRoute`s bound directly to `KonnectGatewayControlPlane`s (serviceless routes). + [#669](https://github.com/Kong/gateway-operator/pull/669) +- Allow setting `KonnectGatewayControlPlane`s group membership + [#697](https://github.com/Kong/gateway-operator/pull/697) +- Apply Konnect-related customizations to `DataPlane`s that properly reference `KonnectExtension` + resources. + [#714](https://github.com/Kong/gateway-operator/pull/714) +- The KonnectExtension functionality is enabled only when the `--enable-controller-konnect` + flag or the `GATEWAY_OPERATOR_ENABLE_CONTROLLER_KONNECT` env var is set. 
+ [#738](https://github.com/Kong/gateway-operator/pull/738) + +### Fixed + +- Fixed `ControlPlane` cluster wide resources not migrating to new ownership labels + (introduced in 1.3.0) when upgrading the operator form 1.2 (or older) to 1.3.0. + [#369](https://github.com/Kong/gateway-operator/pull/369) +- Requeue instead of reporting an error when a finalizer removal yields a conflict. + [#454](https://github.com/Kong/gateway-operator/pull/454) +- Requeue instead of reporting an error when a GatewayClass status update yields a conflict. + [#612](https://github.com/Kong/gateway-operator/pull/612) +- Guard object counters with checks whether CRDs for them exist + [#710](https://github.com/Kong/gateway-operator/pull/710) +- Do not reconcile Gateways nor assign any finalizers when the referred GatewayClass is not supported. + [#711](https://github.com/Kong/gateway-operator/pull/711) +- Fixed setting `ExternalTrafficPolicy` on `DataPlane`'s ingress `Service` during update and patch operations. + [#750](https://github.com/Kong/gateway-operator/pull/750) + +### Changes + +- Default version of `ControlPlane` is bumped to 3.3.1 + [#580](https://github.com/Kong/gateway-operator/pull/580) +- Default version of `DataPlane` is bumped to 3.8.0 + [#572](https://github.com/Kong/gateway-operator/pull/572) +- Gateway API has been bumped to v1.2.0 + [#674](https://github.com/Kong/gateway-operator/pull/674) + ## 1.3.0 **Release Date** 2024/06/24 From e6ef0cfa50c48ba2c08b98bb4b1ac7b9f75c86bb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Thu, 24 Oct 2024 18:45:48 +0200 Subject: [PATCH 02/17] docs(kgo): add intial Konnect entities documentation --- app/_data/docs_nav_kgo_1.4.x.yml | 4 + .../md/kgo/konnect-entities-prerequisites.md | 90 +++++++++++ app/_includes/md/kgo/prerequisites.md | 4 +- .../gateway-operator/install_with_helm.md | 2 +- .../konnect-entities/gatewaycontrolplane.md | 142 ++++++++++++++++++ 5 files changed, 239 insertions(+), 3 deletions(-) create mode 100644 app/_includes/md/kgo/konnect-entities-prerequisites.md create mode 100644 app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index 15eeafbea0d0..e1c761aadfae 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml @@ -105,6 +105,10 @@ items: url: /guides/upgrade/data-plane/blue-green/ - text: Kong Custom Plugin Distribution url: guides/plugin-distribution/ + - text: Konnect entities + items: + - text: Gateway Control Plane + url: /guides/konnect-entities/gatewaycontrolplane/ - title: Reference icon: /assets/images/icons/icn-magnifying-glass.svg items: diff --git a/app/_includes/md/kgo/konnect-entities-prerequisites.md b/app/_includes/md/kgo/konnect-entities-prerequisites.md new file mode 100644 index 000000000000..6c8bf2a3dab2 --- /dev/null +++ b/app/_includes/md/kgo/konnect-entities-prerequisites.md @@ -0,0 +1,90 @@ +{% unless include.disable_accordian %} +
+ +
+

Before you create any Konnect entity, make sure you've installed {{site.kgo_product_name}} and created a valid KonnectAPIAuthConfiguration in your cluster.

+
+
+ +## Prerequisites +{% endunless %} + +{% include md/kgo/prerequisites.md disable_accordian=true version=page.version release=page.release kconf-crds=true %} + +### Create an access token in Konnect + +You may create either a Personal Access Token (PAT) or a Service Account Token (SAT) in Konnect. Please refer to the +[Konnect authentication documentation](/konnect/api/#authentication) for more information. You will need this token +to create a `KonnectAPIAuthConfiguration` object that will be used by the {{site.kgo_product_name}} to authenticate +with Konnect APIs. + +### Create a `KonnectAPIAuthConfiguration` object + +Depending on your preferences, you might want to create a `KonnectAPIAuthConfiguration` object with the token specified +directly in its spec or as a reference to a Kubernetes Secret. The `serverURL` field should be set to the Konnect API +URL in a region where your Konnect account is located. Please refer to the [list of available API URLs](/konnect/network/) +for more information. + +{% navtabs token %} +{% navtab Directly in specification %} +```yaml +echo ' +kind: KonnectAPIAuthConfiguration +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: konnect-api-auth + namespace: default +spec: + type: token + token: kpat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + serverURL: eu.api.konghq.com +' | kubectl apply -f - +``` +{% endnavtab %} +{% navtab Stored in a Secret %} +Please note that the Secret must have the `konghq.com/credential: konnect` label to make the {{site.kgo_product_name}} +reconcile it. 
+ +```yaml +echo ' +kind: KonnectAPIAuthConfiguration +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: konnect-api-auth + namespace: default +spec: + type: secretRef + secretRef: + name: konnect-api-auth-secret + serverURL: eu.api.konghq.com +--- +kind: Secret +apiVersion: v1 +metadata: + name: konnect-api-auth-secret + namespace: default + labels: + konghq.com/credential: konnect +stringData: + token: kpat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +' | kubectl apply -f - +``` +{% endnavtab %} +{% endnavtabs %} + +You can verify the `KonnectAPIAuthConfiguration` object was reconciled successfully by checking its status. + +```shell +kubectl get konnectapiauthconfiguration konnect-api-auth +``` + +The output should look like this: + +```console +NAME VALID ORGID SERVERURL +konnect-api-auth True https://eu.api.konghq.tech +``` + +{% unless include.disable_accordian %} +
+{% endunless %} diff --git a/app/_includes/md/kgo/prerequisites.md b/app/_includes/md/kgo/prerequisites.md index ecdc11b37481..8ab7772417d7 100644 --- a/app/_includes/md/kgo/prerequisites.md +++ b/app/_includes/md/kgo/prerequisites.md @@ -2,7 +2,7 @@
-

Before you begin, ensure that you have installed the {{site.kgo_product_name}} in your Kubernetes cluster{% if include.aiGateway %} with AI Gateway support enabled{% endif %}{% if include.kongplugininstallation %} with KongPluginInstallation support enabled{% endif %}. {% if include.enterprise %}This guide requires an enterprise license.{% endif %}

+

Before you begin, ensure that you have installed the {{site.kgo_product_name}} in your Kubernetes cluster{% if include.aiGateway %} with AI Gateway support enabled{% endif %}{% if include.kongplugininstallation %} with KongPluginInstallation support enabled{% endif %}{% if include.kconf-crds %} with Kong's Kubernetes Configuration CRDs enabled{% endif %}. {% if include.enterprise %}This guide requires an enterprise license.{% endif %}

@@ -33,7 +33,7 @@ kubectl apply -f {{site.links.web}}/assets/gateway-operator/ai-gateway-crd.yaml ### Install {{ site.kgo_product_name }} -{% include snippets/gateway-operator/install_with_helm.md version=include.version release=include.release %} +{% include snippets/gateway-operator/install_with_helm.md version=include.version release=include.release kconf-crds=include.kconf-crds %} {%- if include.aiGateway %} diff --git a/app/_includes/snippets/gateway-operator/install_with_helm.md b/app/_includes/snippets/gateway-operator/install_with_helm.md index db1866435096..c1058105cab5 100644 --- a/app/_includes/snippets/gateway-operator/install_with_helm.md +++ b/app/_includes/snippets/gateway-operator/install_with_helm.md @@ -13,7 +13,7 @@ helm repo update kong Install {{ site.kgo_product_name }} with Helm: ```bash -helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace --set image.tag={{ kgo_version }} +helm upgrade --install kgo kong/gateway-operator -n kong-system --create-namespace --set image.tag={{ kgo_version }} {{ if include.kconf-crds }}--set kubernetes-configuration-crds.enabled=true{{ endif }} ``` You can wait for the operator to be ready using `kubectl wait`: diff --git a/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md new file mode 100644 index 000000000000..71749657aba2 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md 
@@ -0,0 +1,142 @@ +--- +title: Gateway Control Plane +--- + +In this guide you'll learn how to use the `KonnectGatewayControlPlane` custom resource to +manage [Konnect Gateway Control +Planes](/konnect/gateway-manager/#control-planes) natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release %} + +## Creating a Self-Managed Hybrid Gateway Control Plane + +Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a Konnect Gateway +Control Plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR +[API](/gateway-operator/{{ page.release }}/reference/custom-resources/#konnectgatewaycontrolplane) allows you to +explicitly set a type of the Gateway Control Plane, but if you don't specify it, the default type is +a [Self-Managed Hybrid +Gateway Control Plane](/konnect/gateway-manager/#kong-gateway-control-planes). + +You can create one by applying the following YAML manifest: + +```yaml +echo ' +kind: KonnectGatewayControlPlane +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: gateway-control-plane + namespace: default +spec: + name: gateway-control-plane # Name used to identify the Gateway Control Plane in Konnect + konnect: + authRef: + name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object + ' | kubectl apply -f - +``` + +You can see the status of the Gateway Control Plane by running: + +```shell +kubectl get konnectgatewaycontrolplanes.konnect.konghq.com gateway-control-plane +``` + +If the Gateway Control Plane is successfully created, you should see the following output: + +```shell +NAME PROGRAMMED ID ORGID +gateway-control-plane True +``` + +## Creating a Control Plane Group + +Gateway Manager allows you to group multiple Gateway Control Planes. 
You can create +a [Control Plane Group](/konnect/gateway-manager/#control-plane-groups) by setting the `cluster_type` +field in the `spec` section of the `KonnectGatewayControlPlane` object to `CLUSTER_TYPE_CONTROL_PLANE_GROUP`. + +```yaml +echo ' +kind: KonnectGatewayControlPlane +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: control-plane-group + namespace: default +spec: + name: control-plane-group # Name used to identify the Gateway Control Plane in Konnect + cluster_type: CLUSTER_TYPE_CONTROL_PLANE_GROUP # Type of the Gateway Control Plane + konnect: + authRef: + name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object + ' | kubectl apply -f - +``` + +You can see the status of the Gateway Control Plane by running: + +```shell +kubectl get konnectgatewaycontrolplane control-plane-group +``` + +If the Control Plane Group is successfully created, you should see the following output: + +```shell +NAME PROGRAMMED ID ORGID +control-plane-group True +``` + +### Adding a Gateway Control Plane to a Control Plane Group + +To assign Gateway Control Planes to a Control Plane Group, you need to specify the `members` field in the `spec` section of the `KonnectGatewayControlPlane` object. + +```yaml +echo ' +kind: KonnectGatewayControlPlane +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: control-plane-group + namespace: default +spec: + name: control-plane-group # Name used to identify the Gateway Control Plane in Konnect + cluster_type: CLUSTER_TYPE_CONTROL_PLANE_GROUP # Type of the Gateway Control Plane + members: + - name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object + konnect: + authRef: + name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object + ' | kubectl apply -f - +``` + +You can check in your Gateway Manager to see if the Gateway Control Plane was successfully added to the Control Plane Group. 
+ +## Creating a Kubernetes Ingress Controller Control Plane + +To create a [Kubernetes Ingress Controller Control Plane](/konnect/gateway-manager/kic/), you need to specify the +`cluster_type` field in the `spec` section of +the `KonnectGatewayControlPlane` object. + +```yaml +echo ' +kind: KonnectGatewayControlPlane +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: kic-control-plane + namespace: default +spec: + name: kic-control-plane # Name used to identify the Gateway Control Plane in Konnect + cluster_type: CLUSTER_TYPE_K8S_INGRESS_CONTROLLER # Type of the Gateway Control Plane + konnect: + authRef: + name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object + ' | kubectl apply -f - +``` + +You can see the status of the Gateway Control Plane by running: + +```shell +kubectl get konnectgatewaycontrolplane kic-control-plane +``` + +If the Control Plane is successfully created, you should see the following output: + +```shell +NAME PROGRAMMED ID ORGID +kic-control-plane True +``` From fbba31c81a8eb2fa8e17c35be00ba4b578cd8b0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Fri, 25 Oct 2024 12:12:00 +0200 Subject: [PATCH 03/17] docs(kgo): add Service and Route Konnect entities guide --- app/_data/docs_nav_kgo_1.4.x.yml | 2 + .../md/kgo/konnect-entities-prerequisites.md | 47 +++++- .../konnect-entities/service-and-route.md | 155 ++++++++++++++++++ 3 files changed, 202 insertions(+), 2 deletions(-) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/service-and-route.md diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index e1c761aadfae..544a37029035 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml 
@@ -109,6 +109,8 @@ items: items: - text: Gateway Control Plane url: /guides/konnect-entities/gatewaycontrolplane/ + - text: Services and Routes + url: /guides/konnect-entities/service-and-route/ - title: Reference icon: /assets/images/icons/icn-magnifying-glass.svg items: diff --git a/app/_includes/md/kgo/konnect-entities-prerequisites.md b/app/_includes/md/kgo/konnect-entities-prerequisites.md index 6c8bf2a3dab2..6c455cfae276 100644 --- a/app/_includes/md/kgo/konnect-entities-prerequisites.md +++ b/app/_includes/md/kgo/konnect-entities-prerequisites.md @@ -2,7 +2,7 @@
-

Before you create any Konnect entity, make sure you've installed {{site.kgo_product_name}} and created a valid KonnectAPIAuthConfiguration in your cluster.

+

Before you create any Konnect entity, make sure you've installed {{site.kgo_product_name}} and created a valid KonnectAPIAuthConfiguration{% if include.with-control-plane %} and KonnectGatewayControlPlane{% endif %} in your cluster.

@@ -18,7 +18,7 @@ You may create either a Personal Access Token (PAT) or a Service Account Token ( to create a `KonnectAPIAuthConfiguration` object that will be used by the {{site.kgo_product_name}} to authenticate with Konnect APIs. -### Create a `KonnectAPIAuthConfiguration` object +### Create a Konnect API Auth Configuration Depending on your preferences, you might want to create a `KonnectAPIAuthConfiguration` object with the token specified directly in its spec or as a reference to a Kubernetes Secret. The `serverURL` field should be set to the Konnect API 
@@ -85,6 +85,49 @@ NAME VALID ORGID SERVERURL konnect-api-auth True https://eu.api.konghq.tech ``` +{% if include.with-control-plane %} +### Create a Gateway Control Plane + +Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a Konnect Gateway +Control Plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR +[API](/gateway-operator/{{ page.release }}/reference/custom-resources/#konnectgatewaycontrolplane) allows you to +explicitly set a type of the Gateway Control Plane, but if you don't specify it, the default type is +a [Self-Managed Hybrid +Gateway Control Plane](/konnect/gateway-manager/#kong-gateway-control-planes). + +You can create one by applying the following YAML manifest: + +```yaml +echo ' +kind: KonnectGatewayControlPlane +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: gateway-control-plane + namespace: default +spec: + name: gateway-control-plane # Name used to identify the Gateway Control Plane in Konnect + konnect: + authRef: + name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object + ' | kubectl apply -f - +``` + +You can see the status of the Gateway Control Plane by running: + +```shell +kubectl get konnectgatewaycontrolplanes.konnect.konghq.com gateway-control-plane +``` + +If the Gateway Control Plane is successfully created, you should see the following output: + +```shell +NAME PROGRAMMED ID ORGID +gateway-control-plane True +``` + +Having that in place, you will be able to reference the `gateway-control-plane` in your Konnect entities as their parent. +{% endif %} + {% unless include.disable_accordian %}
{% endunless %} diff --git a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md new file mode 100644 index 000000000000..71564aa41415 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md 
@@ -0,0 +1,155 @@ +--- +title: Service and Route +--- + +In this guide you'll learn how to use the `KongService` and `KongRoute` custom resources to +manage Konnect [Services](/konnect/gateway-manager/configuration/#gateway-services) +and [Routes](/konnect/gateway-manager/configuration/#routes) natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release +with-control-plane=true %} + +## Create a Service + +Creating the `KongService` object in your Kubernetes cluster will provision a Konnect Service in +your [Gateway Manager](/konnect/gateway-manager). +You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongservice) +to see all the available fields. + +Your `KongService` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. +It will make it part of the Gateway Control Plane's configuration. + +You can create a `KongService` by applying the following YAML manifest: + +```yaml +echo ' +kind: KongService +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: service + namespace: default +spec: + name: service + host: example.com + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane + ' | kubectl apply -f - +``` + +You can verify the `KongService` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongservice service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Service in the Gateway Manager UI. 
+ +## Create a Route + +Creating the `KongRoute` object in your Kubernetes cluster will provision a Konnect Route in +your [Gateway Manager](/konnect/gateway-manager). +You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongroute) to see all the available fields. + +Your `KongRoute` can either be associated with a `KongService` (and inherit the relation with a `KonnectGatewayControlPlane` from it) +or be directly associated with a `KonnectGatewayControlPlane` object when referring a `KongService`. + +### Associate a Route with a Service + +You can create a `KongRoute` associated with a `KongService` by applying the following YAML manifest: + +```yaml +echo ' +kind: KongRoute +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: route-with-service + namespace: default +spec: + name: route-with-service + protocols: + - http + hosts: + - example.com + serviceRef: + type: namespacedRef + namespacedRef: + name: service # KongService reference +' | kubectl apply -f - +``` + +You can verify the `KongRoute` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongroute route-with-service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Route in the Gateway Manager UI. + +### Associate a Route with a Gateway Control Plane + +You can also create a `KongRoute` that won't refer any `KongService`. In that case, you must associate it with a +`KonnectGatewayControlPlane` so that {{site.kgo_product_name}} knows what Gateway Control Plane it should be created in. 
+You can do so by applying the following YAML manifest: + +```yaml +echo ' +kind: KongRoute +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: route-without-service + namespace: default +spec: + name: route-without-service + protocols: + - http + hosts: + - example.com + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference +' | kubectl apply -f - +``` + +You can verify the `KongRoute` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongroute route-without-service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Route in the Gateway Manager UI. From 1d2c488f0e34088bd0d4c22dd37411cdca7e318e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Fri, 25 Oct 2024 12:41:13 +0200 Subject: [PATCH 04/17] docs(kgo): add Consumer, Credentials and ConsumerGroup Konnect entities guide --- app/_data/docs_nav_kgo_1.4.x.yml | 4 +- .../consumer-and-consumergroup.md | 196 ++++++++++++++++++ 2 files changed, 199 insertions(+), 1 deletion(-) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index 544a37029035..5f9e16f8a4af 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml 
@@ -109,8 +109,10 @@ items: items: - text: Gateway Control Plane url: /guides/konnect-entities/gatewaycontrolplane/ - - text: Services and Routes + - text: Service and Route url: /guides/konnect-entities/service-and-route/ + - text: Consumer, Credentials and Consumer Groups + url: /guides/konnect-entities/consumer-and-consumergroup/ - title: Reference icon: /assets/images/icons/icn-magnifying-glass.svg items: diff --git a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md new file mode 100644 index 000000000000..c7522eb94cb4 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md 
@@ -0,0 +1,196 @@ +--- +title: Consumer, Credentials and Consumer Group +--- + +In this guide you'll learn how to use the `KongConsumer` and `KongConsumerGroup` custom resources to +manage Konnect [Consumers](/konnect/gateway-manager/configuration/#consumers) +and Consumer Groups natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release +with-control-plane=true %} + +## Create a Consumer + +Creating the `KongConsumer` object in your Kubernetes cluster will provision a Konnect Consumer in +your [Gateway Manager](/konnect/gateway-manager). +You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongconsumer) +to see all the available fields. + +Your `KongConsumer` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. +It will make it part of the Gateway Control Plane's configuration. + +You can create a `KongConsumer` by applying the following YAML manifest: + +```yaml +echo ' +kind: KongConsumer +apiVersion: configuration.konghq.com/v1 +metadata: + name: consumer + namespace: default +username: consumer +custom_id: 08433C12-2B81-4738-B61D-3AA2136F0212 # Optional +spec: + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference + ' | kubectl apply -f - +``` + +You can verify the `KongConsumer` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongconsumer consumer -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Consumer in the Gateway Manager UI. 
+ +## Associate the Consumer with Credentials + +Consumers can have credentials associated with them. You can create one of the supported credential types. Please refer +to the below CRs documentation links to learn all the available fields for each credential type. + +- [KongCredentialBasicAuth](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialbasicauth) +- [KongCredentialKeyAuth](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialkeyauth) +- [KongCredentialACL](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialacl) +- [KongCredentialJWT](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialjwt) +- [KongCredentialHMAC](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialhmac) + +For example, you can create a `KongCredentialBasicAuth` associated with the `consumer` `KongConsumer` by applying the +following YAML manifest: + +```yaml +echo ' +apiVersion: configuration.konghq.com/v1alpha1 +kind: KongCredentialBasicAuth +metadata: + name: basic-auth-cred + namespace: default +spec: + consumerRef: + name: consumer + password: pass + username: username + ' | kubectl apply -f - +``` + +You can verify the `KongCredentialBasicAuth` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongcredentialbasicauth basic-auth-cred -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Credential in the Consumer's Credentials in the Gateway Manager UI. + +## Create a Consumer Group + +Creating the `KongConsumerGroup` object in your Kubernetes cluster will provision a Konnect Consumer Group in +your [Gateway Manager](/konnect/gateway-manager). 
Please refer to the +`KongConsumerGroup` CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongconsumergroup) to see +all the available fields. + +You can create a `KongConsumerGroup` by applying the following YAML manifest: + +```yaml +echo ' +kind: KongConsumerGroup +apiVersion: configuration.konghq.com/v1beta1 +metadata: + name: consumer-group + namespace: default +spec: + name: consumer-group + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference +' | kubectl apply -f - +``` + +You can verify the `KongConsumerGroup` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongconsumergroup consumer-group -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Consumer Group in the Gateway Manager UI. + +### Associate a Consumer with a Consumer Group + +You can associate a `KongConsumer` with a `KongConsumerGroup` by modifying the `KongConsumer` object and adding the +`consumerGroups` field. This field is a list of `KongConsumerGroup` names. 
+ +For example, you can associate the `consumer` `KongConsumer` with the `consumer-group` `KongConsumerGroup` by applying the +following YAML manifest: + +```yaml +echo ' +kind: KongConsumer +apiVersion: configuration.konghq.com/v1 +metadata: + name: consumer + namespace: default +username: consumer +custom_id: 08433C12-2B81-4738-B61D-3AA2136F0212 # Optional +consumerGroups: + - consumer-group # KongConsumerGroup reference +spec: + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference + ' | kubectl apply -f - +``` + +You can verify the `KongConsumer`'s `consumerGroups` field was reconciled successfully by checking its `KongConsumerGroupRefsValid` condition. + +```shell +kubectl get kongconsumer consumer -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongConsumerGroupRefsValid")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 2, + "reason": "Valid", + "status": "True", + "type": "KongConsumerGroupRefsValid" +} +``` + +At this point, you should see the `consumer` Consumer in the Consumer Group members in the Gateway Manager UI. From 6838d1b2f18b3de36919eb10387985955384f1cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Fri, 25 Oct 2024 17:36:15 +0200 Subject: [PATCH 05/17] docs(kgo): add Key and KeySet Konnect entities guide --- app/_data/docs_nav_kgo_1.4.x.yml | 4 +- .../guides/konnect-entities/key-and-keyset.md | 188 ++++++++++++++++++ 2 files changed, 191 insertions(+), 1 deletion(-) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index 5f9e16f8a4af..26cba4b2db70 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml 
@@ -105,7 +105,7 @@ items: url: /guides/upgrade/data-plane/blue-green/ - text: Kong Custom Plugin Distribution url: guides/plugin-distribution/ - - text: Konnect entities + - text: Managing Konnect entities items: - text: Gateway Control Plane url: /guides/konnect-entities/gatewaycontrolplane/ @@ -113,6 +113,8 @@ items: url: /guides/konnect-entities/service-and-route/ - text: Consumer, Credentials and Consumer Groups url: /guides/konnect-entities/consumer-and-consumergroup/ + - text: Key and Key Set + url: /guides/konnect-entities/key-and-keyset/ - title: Reference icon: /assets/images/icons/icn-magnifying-glass.svg items: diff --git a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md new file mode 100644 index 000000000000..07ba2ac85fac --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md 
@@ -0,0 +1,188 @@ +--- +title: Key and Key Set +--- + +In this guide you'll learn how to use the `KongKey` and `KongKeySet` custom resources to +manage Konnect [Keys](/konnect/gateway-manager/configuration/#keys) +and Key Sets natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release +with-control-plane=true %} + +## Create a Key + +Creating the `KongKey` object in your Kubernetes cluster will provision a Konnect Key in +your [Gateway Manager](/konnect/gateway-manager). +You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongkey) +to see all the available fields. + +Your `KongKey` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. +It will make it part of the Gateway Control Plane's configuration. + +`KongKey` supports two types of keys: JWK and PEM. You can create a PEM `KongKey` by providing `spec.pem.private_key` +and `spec.pem.public_key` fields. For JWK keys, you should provide `spec.jwk` field with the JWK key string +representation. 
+ +For this example, we will create a PEM `KongKey` by applying the following YAML manifest: + +```yaml +echo ' +kind: KongKey +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: key + namespace: default +spec: + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference + kid: key-id + name: key + pem: + private_key: | # Sample private key in PEM format, replace with your own + -----BEGIN PRIVATE KEY----- + MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4f5Ur6EzZKsfu0ct + QCmmbCkUohHp6lAgGGmVmQpj5Xrx5jrjGWWdDAF1ADFPh/XMC58iZFaX33UpGOUn + tuWbJQIDAQABAkEAxqXvvL2+1iNRbiY/kWHLBtIJb/i9G5i4zZypwe+PJduIPRlH + 4bFHih8sHtYt5rEs4RnT0SJnZN1HKhJcisVLdQIhAPKboGS0dTprmMLrAXQh15p7 + xz4XUbZrNqPct+hqa5JXAiEA7nfrjPYm2UXKRzvFo9Zbd9K/Y3M0Xas9LsXdRaO8 + 6OMCIAhkX8D8CQ4TSL59WJiGzyl13KeGMPppbQNwECCHBd+TAiB8dDOHprORsz2l + PYmhPu8PsvpVkbtjo0nUDkmz3Ydq1wIhAIMCsZQ7A3H/kN88aYsqKeGg9c++yqIP + /9xIOKHsjlB4 + -----END PRIVATE KEY----- + public_key: | # Sample public key in PEM format, replace with your own + -----BEGIN PUBLIC KEY----- + MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOH+VK+hM2SrH7tHLUAppmwpFKIR6epQ + IBhplZkKY+V68eY64xllnQwBdQAxT4f1zAufImRWl991KRjlJ7blmyUCAwEAAQ== + -----END PUBLIC KEY----- + ' | kubectl apply -f - +``` + +You can verify the `KongKey` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongkey key -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Key in the Gateway Manager UI. + +## Create a Key Set + +Creating the `KongKeySet` object in your Kubernetes cluster will provision a Konnect Key Set in +your [Gateway Manager](/konnect/gateway-manager). 
You can refer to the CR [API](/gateway-operator/{{ page.release +}}/reference/custom-resources/#kongkeyset) +to see all the available fields. + +Your `KongKeySet` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. + +To create a `KongKeySet`, you can apply the following YAML manifest: + +```yaml +echo ' +kind: KongKeySet +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: key-set + namespace: default +spec: + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference + name: key-set + ' | kubectl apply -f - +``` + +You can verify the `KongKeySet` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongkeyset key-set -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Key Set in the Gateway Manager UI. + +### Associate the Key with the Key Set + +A single `KongKey` can be associated with only one `KongKeySet`. To associate a `KongKey` with a `KongKeySet`, you need +to update the `KongKey` object with the `keySetRef` field. 
You can do this by applying the following YAML manifest: + +```yaml +echo ' +kind: KongKey +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: key + namespace: default +spec: + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference + kid: key-id + name: key + pem: + private_key: | # Sample private key in PEM format, replace with your own + -----BEGIN PRIVATE KEY----- + MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4f5Ur6EzZKsfu0ct + QCmmbCkUohHp6lAgGGmVmQpj5Xrx5jrjGWWdDAF1ADFPh/XMC58iZFaX33UpGOUn + tuWbJQIDAQABAkEAxqXvvL2+1iNRbiY/kWHLBtIJb/i9G5i4zZypwe+PJduIPRlH + 4bFHih8sHtYt5rEs4RnT0SJnZN1HKhJcisVLdQIhAPKboGS0dTprmMLrAXQh15p7 + xz4XUbZrNqPct+hqa5JXAiEA7nfrjPYm2UXKRzvFo9Zbd9K/Y3M0Xas9LsXdRaO8 + 6OMCIAhkX8D8CQ4TSL59WJiGzyl13KeGMPppbQNwECCHBd+TAiB8dDOHprORsz2l + PYmhPu8PsvpVkbtjo0nUDkmz3Ydq1wIhAIMCsZQ7A3H/kN88aYsqKeGg9c++yqIP + /9xIOKHsjlB4 + -----END PRIVATE KEY----- + public_key: | # Sample public key in PEM format, replace with your own + -----BEGIN PUBLIC KEY----- + MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOH+VK+hM2SrH7tHLUAppmwpFKIR6epQ + IBhplZkKY+V68eY64xllnQwBdQAxT4f1zAufImRWl991KRjlJ7blmyUCAwEAAQ== + -----END PUBLIC KEY----- + keySetRef: + type: namespacedRef + namespacedRef: + name: key-set # KongKeySet reference + ' | kubectl apply -f - +``` + +You can verify the `KongKey` was successfully associated with the `KongKeySet` by checking its `KeySetRefValid` +condition. + +```shell +kubectl get kongkey key -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KeySetRefValid")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 2, + "reason": "Valid", + "status": "True", + "type": "KeySetRefValid" +} +``` + +At this point, you should see the Key associated with the Key Set in the Gateway Manager UI. From c2e8c5cd3435ed41c726abaf97e5b2b78aa94009 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Fri, 25 Oct 2024 18:02:49 +0200 Subject: [PATCH 06/17] docs(kgo): add Upstream and Targets Konnect entities guide --- app/_data/docs_nav_kgo_1.4.x.yml | 2 + .../konnect-entities/upstream-and-target.md | 144 ++++++++++++++++++ 2 files changed, 146 insertions(+) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index 26cba4b2db70..0231bad05a46 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml @@ -115,6 +115,8 @@ items: url: /guides/konnect-entities/consumer-and-consumergroup/ - text: Key and Key Set url: /guides/konnect-entities/key-and-keyset/ + - text: Upstream and Targets + url: /guides/konnect-entities/upstream-and-target/ - title: Reference icon: /assets/images/icons/icn-magnifying-glass.svg items: diff --git a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md new file mode 100644 index 000000000000..f55e4f8262cf --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md 
@@ -0,0 +1,144 @@ +--- +title: Upstream and Target +--- + +In this guide you'll learn how to use the `KongUpstream` and `KongTarget` custom resources to +manage Konnect [Upstream](/konnect/gateway-manager/configuration/#upstreams) +and their Targets natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release +with-control-plane=true %} + +## Create an Upstream + +Creating the `KongUpstream` object in your Kubernetes cluster will provision a Konnect Key in +your [Gateway Manager](/konnect/gateway-manager). +You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongupstream) +to see all the available fields. + +Your `KongUpstream` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. +It will make it part of the Gateway Control Plane's configuration. + +To create a `KongUpstream`, you can apply the following YAML manifest: + +```yaml +echo ' +kind: KongUpstream +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: upstream + namespace: default +spec: + name: upstream + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane # KonnectGatewayControlPlane reference + ' | kubectl apply -f - +``` + +You can verify the `KongUpstream` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongkey key -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Upstream in the Gateway Manager UI. + +## Create a Target + +Each `KongTarget` must be associated with a `KongUpstream` it's meant to be a backend for. 
For this reason, you must +specify the `upstreamRef` field in the `spec` section of the `KongTarget` object. Please refer to the CR [API]( +/gateway-operator/{{ page.release }}/reference/custom-resources/#kongtarget) +to see all the available fields. + +To create two different `KongTarget`s associated with the `KongUpstream` created before, you can apply the following +YAML manifest: + +```yaml +echo ' +kind: KongTarget +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: target-a + namespace: default +spec: + upstreamRef: + name: upstream # KongUpstream reference + target: "10.0.0.1" + weight: 30 +--- +kind: KongTarget +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: target-b + namespace: default +spec: + upstreamRef: + name: upstream # KongUpstream reference + target: "10.0.0.2" + weight: 70 + ' | kubectl apply -f - +``` + +You can verify both `KongTarget`s successfully were associated with the `KongUpstream` by checking their +`KongUpstreamRefValid` condition. + +```shell +kubectl get kongtarget target-a -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongUpstreamRefValid")' +kubectl get kongtarget target-b -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongUpstreamRefValid")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Valid", + "status": "True", + "type": "KongUpstreamRefValid" +} +{ + "observedGeneration": 1, + "reason": "Valid", + "status": "True", + "type": "KongUpstreamRefValid" +} +``` + +You can also verify both `KongTarget`s were reconciled successfully by checking their `Programmed` condition. 
+ +```shell +kubectl get kongtarget target-a -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +kubectl get kongtarget target-b -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see both Targets in the `upstream` Upstream in the Gateway Manager UI. From 2244918a4990f73776692d4a3180305e8d4b20f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Fri, 25 Oct 2024 18:20:48 +0200 Subject: [PATCH 07/17] docs(kgo): add Konnect entities tagging and labeling guide --- app/_data/docs_nav_kgo_1.4.x.yml | 2 + .../consumer-and-consumergroup.md | 2 +- .../konnect-entities/tagging-and-labeling.md | 95 +++++++++++++++++++ 3 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index 0231bad05a46..20b81690a6f6 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml @@ -117,6 +117,8 @@ items: url: /guides/konnect-entities/key-and-keyset/ - text: Upstream and Targets url: /guides/konnect-entities/upstream-and-target/ + - text: Tagging and Labeling + url: /guides/konnect-entities/tagging-and-labeling/ - title: Reference icon: /assets/images/icons/icn-magnifying-glass.svg items: diff --git a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md index c7522eb94cb4..66765b8f8a5e 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md 
+++ b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md @@ -60,7 +60,7 @@ At this point, you should see the Consumer in the Gateway Manager UI. ## Associate the Consumer with Credentials Consumers can have credentials associated with them. You can create one of the supported credential types. Please refer -to the below CRs documentation links to learn all the available fields for each credential type. +to the below Custom Resource's documentation links to learn all the available fields for each credential type. - [KongCredentialBasicAuth](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialbasicauth) - [KongCredentialKeyAuth](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialkeyauth) diff --git a/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md new file mode 100644 index 000000000000..ef8b38838ab9 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md 
@@ -0,0 +1,95 @@ +--- +title: Tagging and Labeling +--- + +Tags and labels are a way to organize and categorize your resources. In this guide, you'll learn how to annotate your +Konnect entities managed by {{site.kgo_product_name}} with tags and labels (depending on particular entity's support for +those). + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release %} + +## Labeling + +Labels are key-value pairs that you can attach to objects. As of now, the only Konnect entity that supports labeling is +the [KonnectGatewayControlPlane](/gateway-operator/guides/konnect-entities/gatewaycontrolplane). You can add labels to +the `KonnectGatewayControlPlane` object by specifying the `labels` field in the `spec` section. + +```yaml +echo ' +kind: KonnectGatewayControlPlane +apiVersion: konnect.konghq.com/v1alpha1 +metadata: + name: gateway-control-plane + namespace: default +spec: + labels: # Arbitrary key-value pairs + environment: production + team: devops + name: gateway-control-plane + konnect: + authRef: + name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object + ' | kubectl apply -f - +``` + +You can verify the Control Plane was reconciled successfully by checking its status. + +```shell +kubectl get konnectgatewaycontrolplanes.konnect.konghq.com gateway-control-plane +``` + +The output should look similar to this: + +```console +NAME PROGRAMMED ID ORGID +gateway-control-plane True +``` + +At this point, labels should be visible in the Gateway Manager UI. + +## Tagging + +Tags are values that you can attach to objects. All the Konnect entities that can be attached to a +`KonnectGatewayControlPlane` object support tagging. You can add tags to those entities by specifying the `tags` field +in their `spec` section. 
+ +For example, to add tags to a `KongService` object, you can apply the following YAML manifest: + +```yaml +echo ' +kind: KongService +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: service + namespace: default +spec: + tags: # Arbitrary list of strings + - production + - devops + name: service + host: example.com + controlPlaneRef: + type: konnectNamespacedRef + konnectNamespacedRef: + name: gateway-control-plane + ' | kubectl apply -f - +``` + +You can verify the `KongService` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongservice service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, tags should be visible in the Gateway Manager UI. From 6a4693870b8ca52c4d94d82357ae8e8ba0178a3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Mon, 28 Oct 2024 10:52:32 +0100 Subject: [PATCH 08/17] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Patryk Małek --- .../konnect-entities/consumer-and-consumergroup.md | 10 +++++----- .../guides/konnect-entities/key-and-keyset.md | 8 ++++---- .../guides/konnect-entities/service-and-route.md | 6 +++--- .../guides/konnect-entities/tagging-and-labeling.md | 2 +- .../guides/konnect-entities/upstream-and-target.md | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md index 66765b8f8a5e..c012141a4d37 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md 
+++ b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md @@ -34,7 +34,7 @@ spec: controlPlaneRef: type: konnectNamespacedRef konnectNamespacedRef: - name: gateway-control-plane # KonnectGatewayControlPlane reference + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object ' | kubectl apply -f - ``` @@ -80,7 +80,7 @@ metadata: namespace: default spec: consumerRef: - name: consumer + name: consumer # Reference to the KongConsumer object password: pass username: username ' | kubectl apply -f - @@ -126,7 +126,7 @@ spec: controlPlaneRef: type: konnectNamespacedRef konnectNamespacedRef: - name: gateway-control-plane # KonnectGatewayControlPlane reference + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object ' | kubectl apply -f - ``` @@ -167,12 +167,12 @@ metadata: username: consumer custom_id: 08433C12-2B81-4738-B61D-3AA2136F0212 # Optional consumerGroups: - - consumer-group # KongConsumerGroup reference + - consumer-group # Reference to the KongConsumerGroup object spec: controlPlaneRef: type: konnectNamespacedRef konnectNamespacedRef: - name: gateway-control-plane # KonnectGatewayControlPlane reference + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object ' | kubectl apply -f - ``` diff --git a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md index 07ba2ac85fac..e58b302aaaf4 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md +++ b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md 
@@ -34,9 +34,9 @@ metadata: namespace: default spec: controlPlaneRef: - type: konnectNamespacedRef + type: konnectNamespacedRef # This indicates that an in cluster reference is used konnectNamespacedRef: - name: gateway-control-plane # KonnectGatewayControlPlane reference + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object kid: key-id name: key pem: @@ -98,7 +98,7 @@ metadata: namespace: default spec: controlPlaneRef: - type: konnectNamespacedRef + type: konnectNamespacedRef # This indicates that an in cluster reference is used konnectNamespacedRef: name: gateway-control-plane # KonnectGatewayControlPlane reference name: key-set @@ -138,7 +138,7 @@ metadata: namespace: default spec: controlPlaneRef: - type: konnectNamespacedRef + type: konnectNamespacedRef # This indicates that an in cluster reference is used konnectNamespacedRef: name: gateway-control-plane # KonnectGatewayControlPlane reference kid: key-id diff --git a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md index 71564aa41415..fb555114ea65 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md +++ b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md @@ -32,9 +32,9 @@ spec: name: service host: example.com controlPlaneRef: - type: konnectNamespacedRef + type: konnectNamespacedRef # This indicates that an in cluster reference is used konnectNamespacedRef: - name: gateway-control-plane + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object ' | kubectl apply -f - ``` @@ -131,7 +131,7 @@ spec: controlPlaneRef: type: konnectNamespacedRef konnectNamespacedRef: - name: gateway-control-plane # KonnectGatewayControlPlane reference + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object ' | kubectl apply -f - ``` 
diff --git a/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md index ef8b38838ab9..7b8ef633802a 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md +++ b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md @@ -71,7 +71,7 @@ spec: controlPlaneRef: type: konnectNamespacedRef konnectNamespacedRef: - name: gateway-control-plane + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object ' | kubectl apply -f - ``` diff --git a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md index f55e4f8262cf..32c0c7cfa34c 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md +++ b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md @@ -31,7 +31,7 @@ metadata: spec: name: upstream controlPlaneRef: - type: konnectNamespacedRef + type: konnectNamespacedRef # This indicates that an in cluster reference is used konnectNamespacedRef: name: gateway-control-plane # KonnectGatewayControlPlane reference ' | kubectl apply -f - @@ -75,7 +75,7 @@ metadata: namespace: default spec: upstreamRef: - name: upstream # KongUpstream reference + name: upstream # Reference to the KongUpstream object target: "10.0.0.1" weight: 30 --- @@ -86,7 +86,7 @@ metadata: namespace: default spec: upstreamRef: - name: upstream # KongUpstream reference + name: upstream # Reference to the KongUpstream object target: "10.0.0.2" weight: 70 ' | kubectl apply -f - From 0d90578e25cc790784ea9a9d78b1a54b7a1d82bc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Patryk=20Ma=C5=82ek?= Date: Mon, 28 Oct 2024 17:30:28 +0100 Subject: [PATCH 09/17] docs(kgo): add Konnect entities architecture overview section --- .github/styles/kong/dictionary.txt | 1 + app/_data/docs_nav_kgo_1.4.x.yml | 2 + .../guides/konnect-entities/architecture.md | 124 ++++++++++++++++++ 3 files changed, 127 insertions(+) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/architecture.md diff --git a/.github/styles/kong/dictionary.txt b/.github/styles/kong/dictionary.txt index cac759824377..9bf3ce88cdd1 100644 --- a/.github/styles/kong/dictionary.txt +++ b/.github/styles/kong/dictionary.txt @@ -230,6 +230,7 @@ ElastiCache elbs enablement enqueued +enqueues enum env Equinix diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index 20b81690a6f6..befaaa56b6bc 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml @@ -107,6 +107,8 @@ items: url: guides/plugin-distribution/ - text: Managing Konnect entities items: + - text: Architecture overview + url: /guides/konnect-entities/architecture/ - text: Gateway Control Plane url: /guides/konnect-entities/gatewaycontrolplane/ - text: Service and Route diff --git a/app/_src/gateway-operator/guides/konnect-entities/architecture.md b/app/_src/gateway-operator/guides/konnect-entities/architecture.md new file mode 100644 index 000000000000..fc1123b29143 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/architecture.md 
@@ -0,0 +1,124 @@ +--- +title: Architecture +--- + +In this guide you'll learn how your Kubernetes resources are synchronized against Konnect. + +## Overview + +{{site.kgo_product_name}} 1.4.0 introduced support for managing Konnect entities. +It is designed to allow users drive their {{site.konnect_short_name}} configuration through Kubernetes [CRDs][k8s_crds]. + +[k8s_crds]: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/ + +{:.note} +> **Note:** Konnect entities management is an opt-in feature. You must +> enable it by setting `GATEWAY_OPERATOR_ENABLE_CONTROLLER_KONNECT` environment variable to `true`. + +At a high level {{site.kgo_product_name}}, watches for changes in the Kubernetes cluster and synchronizes them against {{site.konnect_product_name}}. + +Below diagram illustrates high level overview, how {{site.konnect_short_name}} configuration is synchronized from Kubernetes resources to {{site.konnect_short_name}}: + + +{% mermaid %} +flowchart BT + + subgraph Kong Konnect + direction LR + + KonnectAPI(Konnect APIs) + end + + subgraph Kubernetes cluster + direction LR + + KGO(Kong Gateway Operator) + K8sAPIServer( API server) + end + + KGO -.-> |configuration synchronization| KonnectAPI + K8sAPIServer -.-> |events| KGO +{% endmermaid %} + + +## How it works + +{{site.kgo_product_name}} watches for changes in the Kubernetes cluster and synchronizes them against {{site.konnect_short_name}}. + +The synchronization is performed in a loop, where the operator reconciles the state of the cluster with the state of {{site.konnect_short_name}}. + +The algorithm is as follows: + +- When a Kubernetes resource is created: + - The operator checks if it has references and whether they are valid, if not it assigns a failure condition to the resource. + - If the resource has references and they are valid, the operator calls the Konnect API's create method. 
+ - If the creation was unsuccessful, the operator assigns a failure condition to the resource. + - If the creation was successful, the operator assigns the resource's ID, OrgID, ServerURL and status conditions. + - The operator enqueues the resource for update after the configured sync period passes. + +- When a Kubernetes resource is updated: + - The operator checks if the resource's spec, annotations or labels have changed. + - If the spec, annotations or labels have changed: + - The operator calls the Konnect API's update method. + - If the update was unsuccessful, the operator assigns a failure condition to the resource. + - If the update was successful, the operator waits for the configured sync period to pass. + - If the spec, annotations or labels have not changed: + - If sync period has not passed, the operator enqueues the resource for update. + - If sync period has passed, the operator calls the Konnect API's update method. + - If the update was unsuccessful, the operator assigns a failure condition to the resource. + - If the update was successful, the operator enqueues the resource for update. + +- When a Kubernetes resource is deleted: + - The operator calls the Konnect API's delete method. + - If the deletion was unsuccessful, the operator assigns a failure condition to the resource. + - If the deletion was successful, the operator removes the resource from the cluster. 
+ +Below diagram illustrates the algorithm: + + +{% mermaid %} +flowchart TB + +classDef decision fill:#d0e1fb +classDef start fill:#545454,stroke:none,color:#fff + + k8sResourceCreated(Kubernetes resource created) + k8sResourceUpdated(Kubernetes resource updated) + rLoopStart[Operator reconciliation start] + failure[Assign object's status conditions to indicate failure] + resourceSpecChanged{Resource spec, annotations or labels changed?} + waitForSync["Wait until sync period passes (default 1m) + (Prevent API rate limiting)"] + createSuccess[Assign object's ID, OrgID, ServerURL and status conditions] + hasReferences{If object has references, are they all valid?} + isAlreadyCreated{Object already created?} + syncPeriodPassed[Sync period passed] + updateKonnectEntity[Call Konnect API's update] + wasUpdateSuccessful{Was update successful?} + wasCreateSuccessful{Was create successful?} + callCreate[Call Konnect API's create] + + k8sResourceCreated --> rLoopStart + rLoopStart --> isAlreadyCreated + isAlreadyCreated -->|Yes| waitForSync + isAlreadyCreated -->|No| hasReferences + hasReferences -->|Yes| callCreate + hasReferences -->|No| failure + callCreate --> wasCreateSuccessful + wasCreateSuccessful -->|Yes| createSuccess + wasCreateSuccessful -->|No| failure + k8sResourceUpdated --> resourceSpecChanged + resourceSpecChanged -->|Yes| updateKonnectEntity + resourceSpecChanged -->|No| waitForSync + createSuccess --> waitForSync + waitForSync --> syncPeriodPassed + syncPeriodPassed --> updateKonnectEntity + updateKonnectEntity --> wasUpdateSuccessful + wasUpdateSuccessful -->|Yes| waitForSync + wasUpdateSuccessful -->|No| failure + failure -->rLoopStart + +class hasReferences,wasCreateSuccessful,wasUpdateSuccessful decision +class k8sResourceCreated,k8sResourceUpdated start +{% endmermaid %} + From f45f3507c935ed5ac0cc57a585077bc9c6303737 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Mon, 28 Oct 2024 21:23:21 +0100 Subject: [PATCH 10/17] docs(kgo): add Certificate and CA Certificate Konnect entities guide --- .../certificate-and-cacertificate.md | 201 ++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md diff --git a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md new file mode 100644 index 000000000000..896b72c6d8b6 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md 
@@ -0,0 +1,201 @@ +--- +title: Certificate and CA Certificate +--- + +In this guide you'll learn how to use the `KongCertificate` and `KongCACertificate` custom resources to +manage Konnect [Certificates](/konnect/gateway-manager/configuration/#certificates) +and CA Certificates natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release +with-control-plane=true %} + +## Create a Certificate + +Creating the `KongCertificate` object in your Kubernetes cluster will provision a Konnect Certificate in +your [Gateway Manager](/konnect/gateway-manager). +You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcertificate) +to see all the available fields. + +Your `KongCertificate` must be associated with a `KonnectGatewayControlPlane` object that you've created in your +cluster. +It will make it part of the Gateway Control Plane's configuration. + +You can create a `KongCertificate` by applying the following YAML manifest: + +```yaml +echo ' +kind: KongCertificate +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: cert + namespace: default +spec: + controlPlaneRef: + type: konnectNamespacedRef # This indicates that an in cluster reference is used + konnectNamespacedRef: + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object + cert: | # Sample certificate in PEM format, replace with your own + -----BEGIN CERTIFICATE----- + MIIB4TCCAYugAwIBAgIUAenxUyPjkSLCe2BQXoBMBacqgLowDQYJKoZIhvcNAQEL + BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM + GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEwMjgyMDA3NDlaFw0zNDEw + MjYyMDA3NDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw + HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF + AANLADBIAkEAyzipjrbAaLO/yPg7lL1dLWzhqNdc3S4YNR7f1RG9whWhbsPE2z42 + e6WGFf9hggP6xjG4qbU8jFVczpd1UPwGbQIDAQABo1MwUTAdBgNVHQ4EFgQUkPPB + 
ghj+iHOHAKJlC1gLbKT/ZHQwHwYDVR0jBBgwFoAUkPPBghj+iHOHAKJlC1gLbKT/ + ZHQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBALfy49GvA2ld+u+G + Koxa8kCt7uywoqu0hfbBfUT4HqmXPvsuhz8RinE5ltxId108vtDNlD/+bKl+N5Ub + qKjBs0k= + -----END CERTIFICATE----- + key: | # Sample private key in PEM format, replace with your own + -----BEGIN PRIVATE KEY----- + MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAyzipjrbAaLO/yPg7 + lL1dLWzhqNdc3S4YNR7f1RG9whWhbsPE2z42e6WGFf9hggP6xjG4qbU8jFVczpd1 + UPwGbQIDAQABAkB4pTPsOMxznDrAWbYtcFovzJMPRIOp/2J5rtGdUcIAxP2rsdqh + Y1Nj2MV91UPsWjM0OpTD694T5mVR92oTUIvVAiEA7D1L8dCNc4pwZD7tpNLhZVh9 + BhCHPVVQ2RUwBype4FsCIQDcOFV7eD6LWTGLQfCcATr4qYLQ96Xu84F/CyqRIXvu + 1wIhAM3glYDFuaBJs60JUl1kEl4aAcr5OILxCSZGWrbD7C8lAiBtERF1JyaCyVf6 + SlwqR4m3YezCJgTuhXdbPmKEonrI3QIgIh52IOxTS7+ETXY1JjbouTR5irPEWgTM + +qqDoIn8JJI= + -----END PRIVATE KEY----- + ' | kubectl apply -f - +``` + +You can verify the `KongCertificate` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongcertificate cert -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Certificate in the Gateway Manager UI. + +### Assign an SNI to the Certificate + +You can assign multiple SNIs to a `KongCertificate`. To do so, you need to create a `KongSNI` object and associate it +with +the `KongCertificate`. Please refer to the CR [API](/gateway-operator/{{ page.release +}}/reference/custom-resources/#kongsni) +to see all the available fields. 
+ +You can create a `KongSNI` by applying the following YAML manifest: + +```yaml +echo ' +apiVersion: configuration.konghq.com/v1alpha1 +kind: KongSNI +metadata: + name: example-sni + namespace: default +spec: + certificateRef: + name: cert # Reference to the KongCertificate object + name: "sni.example.com" + ' | kubectl apply -f - +``` + +You can ensure the `KongCertificate` reference is valid by checking the `KongSNI`'s `KongCertificateRefValid` condition. + +```shell +kubectl get kongsni example-sni -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongCertificateRefValid")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Valid", + "status": "True", + "type": "KongCertificateRefValid" +} +``` + +You can verify the `KongSNI` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongsni example-sni -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the SNI in the Certificate's SNIs in the Gateway Manager UI. + +## Create a CA Certificate + +Creating the `KongCACertificate` object in your Kubernetes cluster will provision a Konnect CA Certificate in +your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release +}}/reference/custom-resources/#kongcacertificate) to see all the available fields. + +Your `KongCACertificate` must be associated with a `KonnectGatewayControlPlane` object that you've created in your +cluster. 
+ +You can create a `KongCACertificate` by applying the following YAML manifest: + +```yaml +echo ' +kind: KongCACertificate +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: ca-cert + namespace: default +spec: + controlPlaneRef: + type: konnectNamespacedRef # This indicates that an in cluster reference is used + konnectNamespacedRef: + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object + cert: | + -----BEGIN CERTIFICATE----- + MIIB4TCCAYugAwIBAgIUAenxUyPjkSLCe2BQXoBMBacqgLowDQYJKoZIhvcNAQEL + BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM + GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEwMjgyMDA3NDlaFw0zNDEw + MjYyMDA3NDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw + HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF + AANLADBIAkEAyzipjrbAaLO/yPg7lL1dLWzhqNdc3S4YNR7f1RG9whWhbsPE2z42 + e6WGFf9hggP6xjG4qbU8jFVczpd1UPwGbQIDAQABo1MwUTAdBgNVHQ4EFgQUkPPB + ghj+iHOHAKJlC1gLbKT/ZHQwHwYDVR0jBBgwFoAUkPPBghj+iHOHAKJlC1gLbKT/ + ZHQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBALfy49GvA2ld+u+G + Koxa8kCt7uywoqu0hfbBfUT4HqmXPvsuhz8RinE5ltxId108vtDNlD/+bKl+N5Ub + qKjBs0k= + -----END CERTIFICATE----- +' | kubectl apply -f - +``` + +You can verify the `KongCACertificate` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongcacertificate ca-cert -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the CA Certificate in the Gateway Manager UI. From c1b3c8e7f3fcf481726f3eeeab1fbe26599ed884 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Mon, 28 Oct 2024 21:33:28 +0100 Subject: [PATCH 11/17] docs(kgo): add Vault Konnect entity guide --- .../guides/konnect-entities/vault.md | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/vault.md diff --git a/app/_src/gateway-operator/guides/konnect-entities/vault.md b/app/_src/gateway-operator/guides/konnect-entities/vault.md new file mode 100644 index 000000000000..7d2a4e2617d3 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/vault.md 
@@ -0,0 +1,58 @@ +--- +title: Vault +--- + +In this guide you'll learn how to use the `KongVault` custom resource to manage +Konnect [Vault](/konnect/gateway-manager/configuration/#vaults) natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release +with-control-plane=true %} + +## Create a Vault + +Creating the `KongVault` object in your Kubernetes cluster will provision a Konnect Vault in +your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release +}}/reference/custom-resources/#kongvault) to see all the available fields. + +Your `KongVault` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. +It will make it part of the Gateway Control Plane's configuration. + +To create a `KongVault`, you can apply the following YAML manifest: + +```yaml +echo ' +kind: KongVault +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: env-vault +spec: + backend: env + prefix: env-vault + config: + prefix: env-vault + controlPlaneRef: + type: konnectNamespacedRef # This indicates that an in cluster reference is used + konnectNamespacedRef: + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object + namespace: default # KongVault is cluster scoped, so we need to specify namespace of the Konnect Control Plane + ' | kubectl apply -f - +``` + +You can verify the `KongVault` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongvault env-vault -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Vault in the Gateway Manager UI. 
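Review bot: In `vault.md`, the manifest sets `prefix: env-vault` twice, once directly under `spec` and once under `spec.config`, with no comment saying what each one controls, so a reader cannot tell which value to change for their own setup. Add an inline comment to each, as the `controlPlaneRef` lines already have, and consider using two different sample values so the fields are distinguishable. The block is also fenced as `yaml` although its content is a shell pipeline (`echo ' ... ' | kubectl apply -f -`); `shell` would match the verification command below it.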
From d23230ae56d90754ce9bb5913c7827e1bb85b33e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Mon, 28 Oct 2024 21:42:21 +0100 Subject: [PATCH 12/17] docs(kgo): add DP Client Certificate entity guide --- app/_data/docs_nav_kgo_1.4.x.yml | 6 ++ .../certificate-and-cacertificate.md | 2 +- .../guides/konnect-entities/dpcertificate.md | 68 +++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md diff --git a/app/_data/docs_nav_kgo_1.4.x.yml b/app/_data/docs_nav_kgo_1.4.x.yml index befaaa56b6bc..fa4da0f9100d 100644 --- a/app/_data/docs_nav_kgo_1.4.x.yml +++ b/app/_data/docs_nav_kgo_1.4.x.yml @@ -119,6 +119,12 @@ items: url: /guides/konnect-entities/key-and-keyset/ - text: Upstream and Targets url: /guides/konnect-entities/upstream-and-target/ + - text: Certificate and CA Certificate + url: /guides/konnect-entities/certificate-and-cacertificate/ + - text: Vault + url: /guides/konnect-entities/vault/ + - text: Data Plane Client Certificate + url: /guides/konnect-entities/dpcertificate/ - text: Tagging and Labeling url: /guides/konnect-entities/tagging-and-labeling/ - title: Reference diff --git a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md index 896b72c6d8b6..42da62907061 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md +++ b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md 
@@ -164,7 +164,7 @@ spec: type: konnectNamespacedRef # This indicates that an in cluster reference is used konnectNamespacedRef: name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object - cert: | + cert: | # Sample CA certificate in PEM format, replace with your own -----BEGIN CERTIFICATE----- MIIB4TCCAYugAwIBAgIUAenxUyPjkSLCe2BQXoBMBacqgLowDQYJKoZIhvcNAQEL BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM diff --git a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md new file mode 100644 index 000000000000..487ae76e5fb4 --- /dev/null +++ b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md 
@@ -0,0 +1,68 @@ +--- +title: Data Plane Client Certificate +--- + +In this guide you'll learn how to use the `KongDataPlaneClientCertificate` custom resource to manage +Konnect [Vault](/konnect/gateway-manager/configuration/#vaults) natively from your Kubernetes cluster. + +{% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release +with-control-plane=true %} + +## Create a Data Plane Client Certificate + +Creating the `KongDataPlaneClientCertificate` object in your Kubernetes cluster will provision a Data Plane Client Certificate in +your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release +}}/reference/custom-resources/#kongdataplaneclientcertificate) to see all the available fields. + +Your `KongDataPlaneClientCertificate` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. +It will make it part of the Gateway Control Plane's configuration. 
+ +To create a `KongDataPlaneClientCertificate`, you can apply the following YAML manifest: + +```yaml +echo ' +kind: KongDataPlaneClientCertificate +apiVersion: configuration.konghq.com/v1alpha1 +metadata: + name: dp-cert + namespace: default +spec: + controlPlaneRef: + type: konnectNamespacedRef # This indicates that an in cluster reference is used + konnectNamespacedRef: + name: gateway-control-plane # Reference to the KonnectGatewayControlPlane object + cert: | # Sample certificate in PEM format, replace with your own + -----BEGIN CERTIFICATE----- + MIIB4TCCAYugAwIBAgIUAenxUyPjkSLCe2BQXoBMBacqgLowDQYJKoZIhvcNAQEL + BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM + GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEwMjgyMDA3NDlaFw0zNDEw + MjYyMDA3NDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw + HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF + AANLADBIAkEAyzipjrbAaLO/yPg7lL1dLWzhqNdc3S4YNR7f1RG9whWhbsPE2z42 + e6WGFf9hggP6xjG4qbU8jFVczpd1UPwGbQIDAQABo1MwUTAdBgNVHQ4EFgQUkPPB + ghj+iHOHAKJlC1gLbKT/ZHQwHwYDVR0jBBgwFoAUkPPBghj+iHOHAKJlC1gLbKT/ + ZHQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBALfy49GvA2ld+u+G + Koxa8kCt7uywoqu0hfbBfUT4HqmXPvsuhz8RinE5ltxId108vtDNlD/+bKl+N5Ub + qKjBs0k= + -----END CERTIFICATE----- + ' | kubectl apply -f - +``` + +You can verify the `KongDataPlaneClientCertificate` was reconciled successfully by checking its `Programmed` condition. + +```shell +kubectl get kongdataplaneclientcertificate dp-cert -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": 1, + "reason": "Programmed", + "status": "True", + "type": "Programmed" +} +``` + +At this point, you should see the Data Plane Client Certificate in the Gateway Manager UI. From a08b6e1f0bfdf38cd76601995b8b6e16a4033ee1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Patryk=20Ma=C5=82ek?= Date: Tue, 29 Oct 2024 12:48:50 +0100 Subject: [PATCH 13/17] docs(kgo): add more information about Konnect related fields --- .../guides/konnect-entities/architecture.md | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/app/_src/gateway-operator/guides/konnect-entities/architecture.md b/app/_src/gateway-operator/guides/konnect-entities/architecture.md index fc1123b29143..6782befd57e9 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/architecture.md +++ b/app/_src/gateway-operator/guides/konnect-entities/architecture.md 
@@ -122,3 +122,62 @@ class hasReferences,wasCreateSuccessful,wasUpdateSuccessful decision class k8sResourceCreated,k8sResourceUpdated start {% endmermaid %} + +## Kubernetes resources + +Each Kubernetes resource that is mapped to a {{site.konnect_short_name}} entity has several fields that indicate its status in {{site.konnect_short_name}}. + +### Konnect native objects + +Objects that are native to {{site.konnect_short_name}} - they exist only in {{site.konnect_short_name}} - have the following `status` fields: + +- `id` is the unique identifier of the Konnect entity as assigned by Konnect API. If it's unset (empty string), it means the Konnect entity hasn't been created yet. +- `serverURL` is the URL of the Konnect server in which the entity exists. +- `organizationID` is ID of Konnect Org that this entity has been created in. + +You can observe these fields by running: + +```bash +kubectl get -o yaml | yq '.status' +``` + +You should see the following output: + +```yaml +conditions: + ... +id: 7dcf6756-b2e7-4067-a19b-111111111111 +organizationID: 5ca26716-02f7-4430-9117-111111111111 +serverURL: https://eu.api.konghq.com +``` + +These objects are defined under `konnect.konghq.com` API group. + +### Objects configuring {{site.base_gateway}} + +Some objects can be used to configure {{site.base_gateway}} and are not native to {{site.konnect_short_name}}. +These are for example `KongConsumer`, `KongService`, `KongRoute` and `KongPlugin`. They are defined under `configuration.konghq.com` API group. + +They can also be used in other contexts like for instance: be used for reconciliation with {{site.kic_product_name}}. + +These objects have their {{site.konnect_short_name}} status related fields nested under `konnect` field. These fields are: + +- `controlPlaneID` is the ID of the Control Plane this entity is associated with. +- `id` is the unique identifier of the Konnect entity as assigned by Konnect API. 
If it's unset (empty string), it means the Konnect entity hasn't been created yet. +- `serverURL` is the URL of the Konnect server in which the entity exists. +- `organizationID` is ID of Konnect Org that this entity has been created in. + +You can observe these fields by running: + +```bash +kubectl get -o yaml | yq '.status.konnect' +``` + +You should see the following output: + +```yaml +controlPlaneID: 7dcf6756-b2e7-4067-a19b-111111111111 +id: 7dcf6756-b2e7-4067-a19b-111111111111 +organizationID: 5ca26716-02f7-4430-9117-111111111111 +serverURL: https://eu.api.konghq.com +``` From 4d792375026bbeff17fef242e1c4d64f2e813118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Tue, 29 Oct 2024 18:17:01 +0100 Subject: [PATCH 14/17] add include snippet for checking conditions --- app/_includes/md/kgo/check-condition.md | 24 +++++++ .../certificate-and-cacertificate.md | 66 ++----------------- .../consumer-and-consumergroup.md | 66 ++----------------- .../guides/konnect-entities/dpcertificate.md | 16 +---- .../guides/konnect-entities/key-and-keyset.md | 34 +--------- .../konnect-entities/service-and-route.md | 51 +------------- .../konnect-entities/tagging-and-labeling.md | 17 +---- .../konnect-entities/upstream-and-target.md | 61 ++--------------- 8 files changed, 44 insertions(+), 291 deletions(-) create mode 100644 app/_includes/md/kgo/check-condition.md diff --git a/app/_includes/md/kgo/check-condition.md b/app/_includes/md/kgo/check-condition.md new file mode 100644 index 000000000000..db54ba64a2e0 --- /dev/null +++ b/app/_includes/md/kgo/check-condition.md 
@@ -0,0 +1,24 @@ +{% assign name = include.name %} +{% assign kind = include.kind %} +{% assign conditionType = include.conditionType | default: "Programmed" %} +{% assign reason = include.reason | default: "Programmed" %} +{% assign generation = include.generation | default: 1 %} + +{% unless include.disableDescription %} +You can verify the `{{ kind }}` was reconciled successfully by checking its `{{ conditionType }}` condition. +{% endunless %} + +```shell +kubectl get {{ kind | downcase }} {{ name }} -o=jsonpath='{.status.conditions[?(@.type=="{{ conditionType }}")]}' | jq +``` + +The output should look similar to this: + +```console +{ + "observedGeneration": {{ generation }}, + "reason": "{{ reason }}", + "status": "True", + "type": "{{ conditionType }}" +} +``` diff --git a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md index 42da62907061..a495e7861d2c 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md +++ b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md @@ -62,22 +62,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongCertificate` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongcertificate cert -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='cert' kind='KongCertificate' %} At this point, you should see the Certificate in the Gateway Manager UI. 
@@ -107,37 +92,9 @@ spec: You can ensure the `KongCertificate` reference is valid by checking the `KongSNI`'s `KongCertificateRefValid` condition. -```shell -kubectl get kongsni example-sni -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongCertificateRefValid")' -``` - -The output should look similar to this: +{% include md/kgo/check-condition.md name='example-sni' kind='KongSNI' conditionType='KongCertificateRefValid' reason='Valid' disableDescription=true %} -```console -{ - "observedGeneration": 1, - "reason": "Valid", - "status": "True", - "type": "KongCertificateRefValid" -} -``` - -You can verify the `KongSNI` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongsni example-sni -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='example-sni' kind='KongSNI' %} At this point, you should see the SNI in the Certificate's SNIs in the Gateway Manager UI. @@ -181,21 +138,6 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongCACertificate` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongcacertificate ca-cert -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='ca-cert' kind='KongCACertificate' %} At this point, you should see the CA Certificate in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md index c012141a4d37..aa056fdb56a0 100644 
--- a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md +++ b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md @@ -38,22 +38,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongConsumer` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongconsumer consumer -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='consumer' kind='KongConsumer' %} At this point, you should see the Consumer in the Gateway Manager UI. @@ -86,22 +71,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongCredentialBasicAuth` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongcredentialbasicauth basic-auth-cred -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='basic-auth-cred' kind='KongCredentialBasicAuth' %} At this point, you should see the Credential in the Consumer's Credentials in the Gateway Manager UI. 
@@ -130,22 +100,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongConsumerGroup` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongconsumergroup consumer-group -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='consumer-group' kind='KongConsumerGroup' %} At this point, you should see the Consumer Group in the Gateway Manager UI. @@ -178,19 +133,6 @@ spec: You can verify the `KongConsumer`'s `consumerGroups` field was reconciled successfully by checking its `KongConsumerGroupRefsValid` condition. -```shell -kubectl get kongconsumer consumer -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongConsumerGroupRefsValid")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 2, - "reason": "Valid", - "status": "True", - "type": "KongConsumerGroupRefsValid" -} -``` +{% include md/kgo/check-condition.md name='consumer' kind='KongConsumer' conditionType='KongConsumerGroupRefsValid' reason='Valid' disableDescription=true %} At this point, you should see the `consumer` Consumer in the Consumer Group members in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md index 487ae76e5fb4..8951705419e7 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md +++ b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md 
@@ -48,21 +48,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongDataPlaneClientCertificate` was reconciled successfully by checking its `Programmed` condition. -```shell -kubectl get kongdataplaneclientcertificate dp-cert -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='dp-cert' kind='KongDataPlaneClientCertificate' %} At this point, you should see the Data Plane Client Certificate in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md index e58b302aaaf4..e1db08dddd6f 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md +++ b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md @@ -59,22 +59,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongKey` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongkey key -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='key' kind='KongKey' %} At this point, you should see the Key in the Gateway Manager UI. 
@@ -105,22 +90,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongKeySet` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongkeyset key-set -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='key-set' kind='KongKeySet' %} At this point, you should see the Key Set in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md index fb555114ea65..41e64d4fea85 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md +++ b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md @@ -38,22 +38,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongService` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongservice service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='service' kind='KongService' %} At this point, you should see the Service in the Gateway Manager UI. 
@@ -90,22 +75,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongRoute` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongroute route-with-service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='route-with-service' kind='KongRoute' %} At this point, you should see the Route in the Gateway Manager UI. @@ -135,21 +105,6 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongRoute` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongroute route-without-service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='route-without-service' kind='KongRoute' %} At this point, you should see the Route in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md index 7b8ef633802a..5f00932cf708 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md +++ b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md 
@@ -75,21 +75,6 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongService` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongservice service -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='service' kind='KongService' %} At this point, tags should be visible in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md index 32c0c7cfa34c..9ef7a07889eb 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md +++ b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md @@ -37,22 +37,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the `KongUpstream` was reconciled successfully by checking its `Programmed` condition. - -```shell -kubectl get kongkey key -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` - -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='upstream' kind='KongUpstream' %} At this point, you should see the Upstream in the Gateway Manager UI. 
@@ -95,50 +80,14 @@ spec: You can verify both `KongTarget`s successfully were associated with the `KongUpstream` by checking their `KongUpstreamRefValid` condition. -```shell -kubectl get kongtarget target-a -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongUpstreamRefValid")' -kubectl get kongtarget target-b -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "KongUpstreamRefValid")' -``` +{% include md/kgo/check-condition.md name='target-a' kind='KongTarget' conditionType='KongUpstreamRefValid' reason='Valid' disableDescription=true %} -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Valid", - "status": "True", - "type": "KongUpstreamRefValid" -} -{ - "observedGeneration": 1, - "reason": "Valid", - "status": "True", - "type": "KongUpstreamRefValid" -} -``` +{% include md/kgo/check-condition.md name='target-b' kind='KongTarget' conditionType='KongUpstreamRefValid' reason='Valid' disableDescription=true %} You can also verify both `KongTarget`s were reconciled successfully by checking their `Programmed` condition. -```shell -kubectl get kongtarget target-a -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -kubectl get kongtarget target-b -o=jsonpath='{.status.conditions}' | jq '.[] | select(.type == "Programmed")' -``` +{% include md/kgo/check-condition.md name='target-a' kind='KongTarget' disableDescription=true %} -The output should look similar to this: - -```console -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -{ - "observedGeneration": 1, - "reason": "Programmed", - "status": "True", - "type": "Programmed" -} -``` +{% include md/kgo/check-condition.md name='target-b' kind='KongTarget' disableDescription=true %} At this point, you should see both Targets in the `upstream` Upstream in the Gateway Manager UI. From 3f077c58f843265ed8cbd36c435735fd09e2142c Mon Sep 17 00:00:00 2001 
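Review bot: In `upstream-and-target.md` at `@@ -95,50 +80,14 @@`, the unchanged sentence "You can verify both `KongTarget`s successfully were associated with the `KongUpstream`" has its adverb misplaced. Since this hunk rewrites everything around that sentence, change it to "were successfully associated" in the same commit. The two pairs of includes for `target-a` and `target-b` now render as separate command and output blocks where there used to be one of each, so check in the built page that each introductory sentence still reads naturally above two blocks.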
From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Wed, 30 Oct 2024 09:39:09 +0100 Subject: [PATCH 15/17] Apply suggestions from code review Co-authored-by: Angel --- .../md/kgo/konnect-entities-prerequisites.md | 20 ++++++++-------- .../guides/konnect-entities/architecture.md | 18 +++++++------- .../certificate-and-cacertificate.md | 4 ++-- .../consumer-and-consumergroup.md | 16 ++++++------- .../guides/konnect-entities/dpcertificate.md | 4 ++-- .../konnect-entities/gatewaycontrolplane.md | 24 +++++++++---------- .../guides/konnect-entities/key-and-keyset.md | 16 ++++++------- .../konnect-entities/service-and-route.md | 14 +++++------ .../konnect-entities/tagging-and-labeling.md | 4 ++-- .../konnect-entities/upstream-and-target.md | 4 ++-- .../guides/konnect-entities/vault.md | 6 ++--- 11 files changed, 65 insertions(+), 65 deletions(-) diff --git a/app/_includes/md/kgo/konnect-entities-prerequisites.md b/app/_includes/md/kgo/konnect-entities-prerequisites.md index 6c455cfae276..e98d606f1de3 100644 --- a/app/_includes/md/kgo/konnect-entities-prerequisites.md +++ b/app/_includes/md/kgo/konnect-entities-prerequisites.md @@ -2,7 +2,7 @@
-

Before you create any Konnect entity, make sure you've installed {{site.kgo_product_name}} and created a valid KonnectAPIAuthConfiguration{% if include.with-control-plane %} and KonnectGatewayControlPlane{% endif %} in your cluster.

+

Before you create any Konnect entity, make sure you've installed {{site.kgo_product_name}} and created a valid `KonnectAPIAuthConfiguration` {% if include.with-control-plane %} and `KonnectGatewayControlPlane`{% endif %} in your cluster.

@@ -18,11 +18,11 @@ You may create either a Personal Access Token (PAT) or a Service Account Token ( to create a `KonnectAPIAuthConfiguration` object that will be used by the {{site.kgo_product_name}} to authenticate with Konnect APIs. -### Create a Konnect API Auth Configuration +### Create a {{site.konnect_product_name}} API Auth Configuration -Depending on your preferences, you might want to create a `KonnectAPIAuthConfiguration` object with the token specified +Depending on your preferences, you can create a `KonnectAPIAuthConfiguration` object with the token specified directly in its spec or as a reference to a Kubernetes Secret. The `serverURL` field should be set to the Konnect API -URL in a region where your Konnect account is located. Please refer to the [list of available API URLs](/konnect/network/) +URL in a region where your {{site.konnect_product_name}} account is located. Please refer to the [list of available API URLs](/konnect/network/) for more information. {% navtabs token %} 
@@ -86,14 +86,14 @@ konnect-api-auth True https://eu.api ``` {% if include.with-control-plane %} -### Create a Gateway Control Plane +### Create a {{site.base_gateway}} Control Plane -Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a Konnect Gateway -Control Plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR +Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} Gateway +control plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#konnectgatewaycontrolplane) allows you to -explicitly set a type of the Gateway Control Plane, but if you don't specify it, the default type is +explicitly set a type of the {{site.base_gateway}} control plane, but if you don't specify it, the default type is a [Self-Managed Hybrid -Gateway Control Plane](/konnect/gateway-manager/#kong-gateway-control-planes). +gateway control plane](/konnect/gateway-manager/#kong-gateway-control-planes). You can create one by applying the following YAML manifest: @@ -125,7 +125,7 @@ NAME PROGRAMMED ID ORGI gateway-control-plane True ``` -Having that in place, you will be able to reference the `gateway-control-plane` in your Konnect entities as their parent. +Having that in place, you will be able to reference the `gateway-control-plane` in your {{site.konnect_product_name}} entities as their parent. {% endif %} {% unless include.disable_accordian %} diff --git a/app/_src/gateway-operator/guides/konnect-entities/architecture.md b/app/_src/gateway-operator/guides/konnect-entities/architecture.md index 6782befd57e9..bf99409526a4 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/architecture.md +++ b/app/_src/gateway-operator/guides/konnect-entities/architecture.md 
@@ -2,17 +2,17 @@ title: Architecture --- -In this guide you'll learn how your Kubernetes resources are synchronized against Konnect. +In this guide you'll learn how your Kubernetes resources are synchronized against {{site.konnect_product_name}}. ## Overview -{{site.kgo_product_name}} 1.4.0 introduced support for managing Konnect entities. +{{site.kgo_product_name}} 1.4.0 introduced support for managing {{site.konnect_product_name}} entities. It is designed to allow users drive their {{site.konnect_short_name}} configuration through Kubernetes [CRDs][k8s_crds]. [k8s_crds]: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/ {:.note} -> **Note:** Konnect entities management is an opt-in feature. You must +> **Note:** {{site.konnect_product_name}} entities management is an opt-in feature. You must > enable it by setting `GATEWAY_OPERATOR_ENABLE_CONTROLLER_KONNECT` environment variable to `true`. At a high level {{site.kgo_product_name}}, watches for changes in the Kubernetes cluster and synchronizes them against {{site.konnect_product_name}}. 
@@ -131,9 +131,9 @@ Each Kubernetes resource that is mapped to a {{site.konnect_short_name}} entity Objects that are native to {{site.konnect_short_name}} - they exist only in {{site.konnect_short_name}} - have the following `status` fields: -- `id` is the unique identifier of the Konnect entity as assigned by Konnect API. If it's unset (empty string), it means the Konnect entity hasn't been created yet. -- `serverURL` is the URL of the Konnect server in which the entity exists. -- `organizationID` is ID of Konnect Org that this entity has been created in. +- `id` is the unique identifier of the Konnect entity as assigned by {{site.konnect_product_name}} API. If it's unset (empty string), it means the {{site.konnect_product_name}} entity hasn't been created yet. +- `serverURL` is the URL of the {{site.konnect_product_name}} server in which the entity exists. +- `organizationID` is ID of {{site.konnect_product_name}} Org that this entity has been created in. You can observe these fields by running: 
@@ -163,9 +163,9 @@ They can also be used in other contexts like for instance: be used for reconcili These objects have their {{site.konnect_short_name}} status related fields nested under `konnect` field. These fields are: - `controlPlaneID` is the ID of the Control Plane this entity is associated with. -- `id` is the unique identifier of the Konnect entity as assigned by Konnect API. If it's unset (empty string), it means the Konnect entity hasn't been created yet. -- `serverURL` is the URL of the Konnect server in which the entity exists. -- `organizationID` is ID of Konnect Org that this entity has been created in. +- `id` is the unique identifier of the Konnect entity as assigned by {{site.konnect_product_name}} API. If it's unset (empty string), it means the {{site.konnect_product_name}} entity hasn't been created yet. +- `serverURL` is the URL of the {{site.konnect_product_name}} server in which the entity exists. +- `organizationID` is ID of {{site.konnect_product_name}} Org that this entity has been created in. You can observe these fields by running: diff --git a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md index a495e7861d2c..3f3d85470baf 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md +++ b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md @@ -18,7 +18,7 @@ to see all the available fields. Your `KongCertificate` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. -It will make it part of the Gateway Control Plane's configuration. +It will make it part of the Gateway control plane's configuration. You can create a `KongCertificate` by applying the following YAML manifest: 
@@ -64,7 +64,7 @@ spec: {% include md/kgo/check-condition.md name='cert' kind='KongCertificate' %} -At this point, you should see the Certificate in the Gateway Manager UI. +At this point, you should see the certificate in the Gateway Manager UI. ### Assign an SNI to the Certificate diff --git a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md index aa056fdb56a0..9604f2f752e7 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md +++ b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md @@ -3,15 +3,15 @@ title: Consumer, Credentials and Consumer Group --- In this guide you'll learn how to use the `KongConsumer` and `KongConsumerGroup` custom resources to -manage Konnect [Consumers](/konnect/gateway-manager/configuration/#consumers) -and Consumer Groups natively from your Kubernetes cluster. +manage {{site.konnect_product_name}} [Consumers](/konnect/gateway-manager/configuration/#consumers) +and consumer groups natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} ## Create a Consumer -Creating the `KongConsumer` object in your Kubernetes cluster will provision a Konnect Consumer in +Creating the `KongConsumer` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} Consumer in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongconsumer) to see all the available fields. 
@@ -40,12 +40,12 @@ spec: {% include md/kgo/check-condition.md name='consumer' kind='KongConsumer' %} -At this point, you should see the Consumer in the Gateway Manager UI. +At this point, you should see the consumer in the Gateway Manager UI. ## Associate the Consumer with Credentials Consumers can have credentials associated with them. You can create one of the supported credential types. Please refer -to the below Custom Resource's documentation links to learn all the available fields for each credential type. +to the below custom resource's documentation links to learn all the available fields for each credential type. - [KongCredentialBasicAuth](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialbasicauth) - [KongCredentialKeyAuth](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongcredentialkeyauth) @@ -73,11 +73,11 @@ spec: {% include md/kgo/check-condition.md name='basic-auth-cred' kind='KongCredentialBasicAuth' %} -At this point, you should see the Credential in the Consumer's Credentials in the Gateway Manager UI. +At this point, you should see the credential in the consumer's credentials in the Gateway Manager UI. ## Create a Consumer Group -Creating the `KongConsumerGroup` object in your Kubernetes cluster will provision a Konnect Consumer Group in +Creating the `KongConsumerGroup` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} consumer group in your [Gateway Manager](/konnect/gateway-manager). Please refer to the `KongConsumerGroup` CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongconsumergroup) to see all the available fields. @@ -102,7 +102,7 @@ spec: {% include md/kgo/check-condition.md name='consumer-group' kind='KongConsumerGroup' %} -At this point, you should see the Consumer Group in the Gateway Manager UI. +At this point, you should see the consumer group in the Gateway Manager UI. ### Associate a Consumer with a Consumer Group 
diff --git a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md index 8951705419e7..64511658f251 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md +++ b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md @@ -10,12 +10,12 @@ with-control-plane=true %} ## Create a Data Plane Client Certificate -Creating the `KongDataPlaneClientCertificate` object in your Kubernetes cluster will provision a Data Plane Client Certificate in +Creating the `KongDataPlaneClientCertificate` object in your Kubernetes cluster will provision a data plane client certificate in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongdataplaneclientcertificate) to see all the available fields. Your `KongDataPlaneClientCertificate` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. -It will make it part of the Gateway Control Plane's configuration. +It will make it part of the gateway control plane's configuration. To create a `KongDataPlaneClientCertificate`, you can apply the following YAML manifest: diff --git a/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md index 71749657aba2..0a77d5c5e676 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md +++ b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md 
@@ -8,12 +8,12 @@ Planes](/konnect/gateway-manager/#control-planes) natively from your Kubernetes {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release %} -## Creating a Self-Managed Hybrid Gateway Control Plane +## Create a Self-Managed Hybrid Gateway Control Plane -Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a Konnect Gateway -Control Plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR +Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a {{site.konnect_short_name}} Gateway +control plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#konnectgatewaycontrolplane) allows you to -explicitly set a type of the Gateway Control Plane, but if you don't specify it, the default type is +explicitly set a type of the Gateway control plane, but if you don't specify it, the default type is a [Self-Managed Hybrid Gateway Control Plane](/konnect/gateway-manager/#kong-gateway-control-planes). @@ -34,13 +34,13 @@ spec: ' | kubectl apply -f - ``` -You can see the status of the Gateway Control Plane by running: +You can see the status of the Gateway control plane by running: ```shell kubectl get konnectgatewaycontrolplanes.konnect.konghq.com gateway-control-plane ``` -If the Gateway Control Plane is successfully created, you should see the following output: +If the Gateway control plane is successfully created, you should see the following output: ```shell NAME PROGRAMMED ID ORGID 
@@ -49,7 +49,7 @@ gateway-control-plane True ``` -### Adding a Gateway Control Plane to a Control Plane Group +### Add a Gateway Control Plane to a Control Plane Group -To assign Gateway Control Planes to a Control Plane Group, you need to specify the `members` field in the `spec` section of the `KonnectGatewayControlPlane` object. +To assign Gateway control planes to a control plane group, you need to specify the `members` field in the `spec` section of the `KonnectGatewayControlPlane` object. ```yaml echo ' @@ -104,7 +104,7 @@ spec: ' | kubectl apply -f - ``` -You can check in your Gateway Manager to see if the Gateway Control Plane was successfully added to the Control Plane Group. +You can check in your Gateway Manager to see if the Gateway control plane was successfully added to the control plane group. ## Creating a Kubernetes Ingress Controller Control Plane @@ -128,13 +128,13 @@ spec: ' | kubectl apply -f - ``` -You can see the status of the Gateway Control Plane by running: +You can see the status of the Gateway control plane by running: ```shell kubectl get konnectgatewaycontrolplane kic-control-plane ``` -If the Control Plane is successfully created, you should see the following output: +If the control plane is successfully created, you should see the following output: ```shell NAME PROGRAMMED ID ORGID diff --git a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md index e1db08dddd6f..61b7351da458 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md +++ b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md 
@@ -3,21 +3,21 @@ title: Key and Key Set --- In this guide you'll learn how to use the `KongKey` and `KongKeySet` custom resources to -manage Konnect [Keys](/konnect/gateway-manager/configuration/#keys) -and Key Sets natively from your Kubernetes cluster. +manage {{site.konnect_product_name}} [keys](/konnect/gateway-manager/configuration/#keys) +and key sets natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} ## Create a Key -Creating the `KongKey` object in your Kubernetes cluster will provision a Konnect Key in +Creating the `KongKey` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} key in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongkey) to see all the available fields. Your `KongKey` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. -It will make it part of the Gateway Control Plane's configuration. +It will make it part of the Gateway control plane's configuration. `KongKey` supports two types of keys: JWK and PEM. You can create a PEM `KongKey` by providing `spec.pem.private_key` and `spec.pem.public_key` fields. For JWK keys, you should provide `spec.jwk` field with the JWK key string 
@@ -61,11 +61,11 @@ spec: {% include md/kgo/check-condition.md name='key' kind='KongKey' %} -At this point, you should see the Key in the Gateway Manager UI. +At this point, you should see the key in the Gateway Manager UI. ## Create a Key Set -Creating the `KongKeySet` object in your Kubernetes cluster will provision a Konnect Key Set in +Creating the `KongKeySet` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} key set in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongkeyset) to see all the available fields. @@ -92,7 +92,7 @@ spec: {% include md/kgo/check-condition.md name='key-set' kind='KongKeySet' %} -At this point, you should see the Key Set in the Gateway Manager UI. +At this point, you should see the key set in the Gateway Manager UI. ### Associate the Key with the Key Set @@ -155,4 +155,4 @@ The output should look similar to this: } ``` -At this point, you should see the Key associated with the Key Set in the Gateway Manager UI. +At this point, you should see the key associated with the key set in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md index 41e64d4fea85..aad91c742014 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md +++ b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md 
@@ -3,21 +3,21 @@ title: Service and Route --- In this guide you'll learn how to use the `KongService` and `KongRoute` custom resources to -manage Konnect [Services](/konnect/gateway-manager/configuration/#gateway-services) -and [Routes](/konnect/gateway-manager/configuration/#routes) natively from your Kubernetes cluster. +manage {{site.konnect_product_name}} [services](/konnect/gateway-manager/configuration/#gateway-services) +and [routes](/konnect/gateway-manager/configuration/#routes) natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} ## Create a Service -Creating the `KongService` object in your Kubernetes cluster will provision a Konnect Service in +Creating the `KongService` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} service in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongservice) to see all the available fields. Your `KongService` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. -It will make it part of the Gateway Control Plane's configuration. +It will make it part of the Gateway control plane's configuration. You can create a `KongService` by applying the following YAML manifest: @@ -44,7 +44,7 @@ At this point, you should see the Service in the Gateway Manager UI. ## Create a Route -Creating the `KongRoute` object in your Kubernetes cluster will provision a Konnect Route in +Creating the `KongRoute` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} route in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongroute) to see all the available fields. 
@@ -82,7 +82,7 @@ At this point, you should see the Route in the Gateway Manager UI. ### Associate a Route with a Gateway Control Plane You can also create a `KongRoute` that won't refer any `KongService`. In that case, you must associate it with a -`KonnectGatewayControlPlane` so that {{site.kgo_product_name}} knows what Gateway Control Plane it should be created in. +`KonnectGatewayControlPlane` so that {{site.kgo_product_name}} knows what Gateway control plane it should be created in. You can do so by applying the following YAML manifest: ```yaml @@ -107,4 +107,4 @@ spec: {% include md/kgo/check-condition.md name='route-without-service' kind='KongRoute' %} -At this point, you should see the Route in the Gateway Manager UI. +At this point, you should see the route in the Gateway Manager UI. diff --git a/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md index 5f00932cf708..8c7152ec304c 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md +++ b/app/_src/gateway-operator/guides/konnect-entities/tagging-and-labeling.md @@ -32,7 +32,7 @@ spec: ' | kubectl apply -f - ``` -You can verify the Control Plane was reconciled successfully by checking its status. +You can verify the control plane was reconciled successfully by checking its status. ```shell kubectl get konnectgatewaycontrolplanes.konnect.konghq.com gateway-control-plane @@ -49,7 +49,7 @@ At this point, labels should be visible in the Gateway Manager UI. ## Tagging -Tags are values that you can attach to objects. All the Konnect entities that can be attached to a +Tags are values that you can attach to objects. All the {{site.konnect_product_name}} entities that can be attached to a `KonnectGatewayControlPlane` object support tagging. You can add tags to those entities by specifying the `tags` field in their `spec` section. 
diff --git a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md index 9ef7a07889eb..d01305d495de 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md +++ b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md @@ -4,14 +4,14 @@ title: Upstream and Target In this guide you'll learn how to use the `KongUpstream` and `KongTarget` custom resources to manage Konnect [Upstream](/konnect/gateway-manager/configuration/#upstreams) -and their Targets natively from your Kubernetes cluster. +and their targets natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} ## Create an Upstream -Creating the `KongUpstream` object in your Kubernetes cluster will provision a Konnect Key in +Creating the `KongUpstream` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} key in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongupstream) to see all the available fields. diff --git a/app/_src/gateway-operator/guides/konnect-entities/vault.md b/app/_src/gateway-operator/guides/konnect-entities/vault.md index 7d2a4e2617d3..1a18ac543a7a 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/vault.md +++ b/app/_src/gateway-operator/guides/konnect-entities/vault.md 
@@ -3,19 +3,19 @@ title: Vault --- In this guide you'll learn how to use the `KongVault` custom resource to manage -Konnect [Vault](/konnect/gateway-manager/configuration/#vaults) natively from your Kubernetes cluster. +{{site.konnect_product_name}} [Vault](/konnect/gateway-manager/configuration/#vaults) natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} ## Create a Vault -Creating the `KongVault` object in your Kubernetes cluster will provision a Konnect Vault in +Creating the `KongVault` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} Vault in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/custom-resources/#kongvault) to see all the available fields. Your `KongVault` must be associated with a `KonnectGatewayControlPlane` object that you've created in your cluster. -It will make it part of the Gateway Control Plane's configuration. +It will make it part of the Gateway control plane's configuration. To create a `KongVault`, you can apply the following YAML manifest: From bd97b521b2650cf8c3c1b76efe70e6864dfb2a12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Wed, 30 Oct 2024 09:47:42 +0100 Subject: [PATCH 16/17] Apply suggestions from code review Co-authored-by: Angel --- .../guides/konnect-entities/gatewaycontrolplane.md | 4 ++-- .../guides/konnect-entities/upstream-and-target.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md index 0a77d5c5e676..9bffa24b17ea 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md +++ b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md 
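Review bot: In `upstream-and-target.md` at `@@ -4,14 +4,14 @@`, the added line under "## Create an Upstream" still says that creating the `KongUpstream` object "will provision a {{site.konnect_product_name}} key". The removed line had the same copy-paste slip ("a Konnect Key"), so the edit carried it over instead of fixing it. It should read "a {{site.konnect_product_name}} upstream", in line with the CR API link to `#kongupstream` in the following sentence.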
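Review bot: The `id` bullets in `architecture.md` (`@@ -131,9 +131,9 @@` and `@@ -163,9 +163,9 @@`) are only half converted: the added lines read "the unique identifier of the Konnect entity as assigned by {{site.konnect_product_name}} API", keeping the literal "Konnect" at the start while replacing it later in the same sentence. Replace that first occurrence as well, and add the missing articles while these lines are being touched ("by the {{site.konnect_product_name}} API", "is the ID of the {{site.konnect_product_name}} Org"). The same leftover literal appears in `konnect-entities-prerequisites.md` at `@@ -18,11 +18,11 @@`, where "set to the Konnect API" sits one line above the converted "{{site.konnect_product_name}} account".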
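Review bot: The control plane term is cased and templated in several different ways across this commit. `konnect-entities-prerequisites.md` (`@@ -86,14 +86,14 @@`) adds "a {{site.konnect_product_name}} Gateway control plane", "the {{site.base_gateway}} control plane" and "gateway control plane" within one paragraph; `gatewaycontrolplane.md` (`@@ -8,12 +8,12 @@`) uses {{site.konnect_short_name}} for the otherwise identical sentence; and `dpcertificate.md` writes "gateway control plane's configuration" where the other guides get "Gateway control plane's configuration". Pick one casing and one site variable and apply it to all of these hunks. In `gatewaycontrolplane.md` the link text "[Self-Managed Hybrid Gateway Control Plane]" is also left capitalised, while the prerequisites include lowercases it.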
@@ -47,7 +47,7 @@ NAME PROGRAMMED ID ORGI gateway-control-plane True ``` -## Creating a Control Plane Group +## Create a Control Plane Group Gateway Manager allows you to group multiple Gateway control planes. You can create a [Control Plane Group](/konnect/gateway-manager/#control-plane-groups) by setting the `cluster_type` @@ -106,7 +106,7 @@ spec: You can check in your Gateway Manager to see if the Gateway control plane was successfully added to the control plane group. -## Creating a Kubernetes Ingress Controller Control Plane +## Create a Kubernetes Ingress Controller Control Plane To create a [Kubernetes Ingress Controller Control Plane](/konnect/gateway-manager/kic/), you need to specify the `cluster_type` field in the `spec` section of diff --git a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md index d01305d495de..23844c31cdf2 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md +++ b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md @@ -3,7 +3,7 @@ title: Upstream and Target --- In this guide you'll learn how to use the `KongUpstream` and `KongTarget` custom resources to -manage Konnect [Upstream](/konnect/gateway-manager/configuration/#upstreams) +manage {{site.konnect_product_name}} [upstreams](/konnect/gateway-manager/configuration/#upstreams) and their targets natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release From 3100cd5cc093baaaba1c9269b783df0f2b25d28b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Wed, 30 Oct 2024 16:52:31 +0100 Subject: [PATCH 17/17] convert headers to lowercase and remove changelog --- .../md/kgo/konnect-entities-prerequisites.md | 4 +- .../certificate-and-cacertificate.md | 4 +- .../consumer-and-consumergroup.md | 8 +- .../guides/konnect-entities/dpcertificate.md | 2 +- .../konnect-entities/gatewaycontrolplane.md | 8 +- .../guides/konnect-entities/key-and-keyset.md | 4 +- .../konnect-entities/service-and-route.md | 8 +- .../konnect-entities/upstream-and-target.md | 4 +- .../guides/konnect-entities/vault.md | 2 +- app/gateway-operator/changelog.md | 114 ------------------ 10 files changed, 22 insertions(+), 136 deletions(-) diff --git a/app/_includes/md/kgo/konnect-entities-prerequisites.md b/app/_includes/md/kgo/konnect-entities-prerequisites.md index e98d606f1de3..5c1d00c419ac 100644 --- a/app/_includes/md/kgo/konnect-entities-prerequisites.md +++ b/app/_includes/md/kgo/konnect-entities-prerequisites.md @@ -18,7 +18,7 @@ You may create either a Personal Access Token (PAT) or a Service Account Token ( to create a `KonnectAPIAuthConfiguration` object that will be used by the {{site.kgo_product_name}} to authenticate with Konnect APIs. -### Create a {{site.konnect_product_name}} API Auth Configuration +### Create a {{site.konnect_product_name}} API auth configuration Depending on your preferences, you can create a `KonnectAPIAuthConfiguration` object with the token specified directly in its spec or as a reference to a Kubernetes Secret. The `serverURL` field should be set to the Konnect API 
@@ -86,7 +86,7 @@ konnect-api-auth True https://eu.api ``` {% if include.with-control-plane %} -### Create a {{site.base_gateway}} Control Plane +### Create a {{site.base_gateway}} control plane Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} Gateway control plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR diff --git a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md index 3f3d85470baf..774d1b8ea33a 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md +++ b/app/_src/gateway-operator/guides/konnect-entities/certificate-and-cacertificate.md @@ -9,7 +9,7 @@ and CA Certificates natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} -## Create a Certificate +## Create a certificate Creating the `KongCertificate` object in your Kubernetes cluster will provision a Konnect Certificate in your [Gateway Manager](/konnect/gateway-manager). @@ -66,7 +66,7 @@ spec: At this point, you should see the certificate in the Gateway Manager UI. -### Assign an SNI to the Certificate +### Assign an SNI to the certificate You can assign multiple SNIs to a `KongCertificate`. To do so, you need to create a `KongSNI` object and associate it with diff --git a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md index 9604f2f752e7..825eba79bda2 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md +++ b/app/_src/gateway-operator/guides/konnect-entities/consumer-and-consumergroup.md 
@@ -9,7 +9,7 @@ and consumer groups natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} -## Create a Consumer +## Create a consumer Creating the `KongConsumer` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} Consumer in your [Gateway Manager](/konnect/gateway-manager). @@ -42,7 +42,7 @@ spec: At this point, you should see the consumer in the Gateway Manager UI. -## Associate the Consumer with Credentials +## Associate the consumer with credentials Consumers can have credentials associated with them. You can create one of the supported credential types. Please refer to the below custom resource's documentation links to learn all the available fields for each credential type. @@ -75,7 +75,7 @@ spec: At this point, you should see the credential in the consumer's credentials in the Gateway Manager UI. -## Create a Consumer Group +## Create a consumer group Creating the `KongConsumerGroup` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} consumer group in your [Gateway Manager](/konnect/gateway-manager). Please refer to the @@ -104,7 +104,7 @@ spec: At this point, you should see the consumer group in the Gateway Manager UI. -### Associate a Consumer with a Consumer Group +### Associate a consumer with a consumer group You can associate a `KongConsumer` with a `KongConsumerGroup` by modifying the `KongConsumer` object and adding the `consumerGroups` field. This field is a list of `KongConsumerGroup` names. diff --git a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md index 64511658f251..5a9c6f943525 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md +++ b/app/_src/gateway-operator/guides/konnect-entities/dpcertificate.md 
@@ -8,7 +8,7 @@ Konnect [Vault](/konnect/gateway-manager/configuration/#vaults) natively from yo {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} -## Create a Data Plane Client Certificate +## Create a data plane client certificate Creating the `KongDataPlaneClientCertificate` object in your Kubernetes cluster will provision a data plane client certificate in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release diff --git a/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md index 9bffa24b17ea..3fb0b1a94abf 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md +++ b/app/_src/gateway-operator/guides/konnect-entities/gatewaycontrolplane.md @@ -8,7 +8,7 @@ Planes](/konnect/gateway-manager/#control-planes) natively from your Kubernetes {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release %} -## Create a Self-Managed Hybrid Gateway Control Plane +## Create a self-managed hybrid gateway control plane Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a {{site.konnect_short_name}} Gateway control plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR @@ -47,7 +47,7 @@ NAME PROGRAMMED ID ORGI gateway-control-plane True ``` -## Create a Control Plane Group +## Create a control plane group Gateway Manager allows you to group multiple Gateway control planes. You can create a [Control Plane Group](/konnect/gateway-manager/#control-plane-groups) by setting the `cluster_type` 
@@ -82,7 +82,7 @@ NAME PROGRAMMED ID ORGI control-plane-group True ``` -### Add a Gateway Control Plane to a Control Plane Group +### Add a gateway control plane to a control plane group To assign Gateway control planes to a control plane group, you need to specify the `members` field in the `spec` section of the `KonnectGatewayControlPlane` object. @@ -106,7 +106,7 @@ spec: You can check in your Gateway Manager to see if the Gateway control plane was successfully added to the control plane group. -## Create a Kubernetes Ingress Controller Control Plane +## Create a Kubernetes ingress controller control plane To create a [Kubernetes Ingress Controller Control Plane](/konnect/gateway-manager/kic/), you need to specify the `cluster_type` field in the `spec` section of diff --git a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md index 61b7351da458..e0f28aa5d55a 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md +++ b/app/_src/gateway-operator/guides/konnect-entities/key-and-keyset.md @@ -63,7 +63,7 @@ spec: At this point, you should see the key in the Gateway Manager UI. -## Create a Key Set +## Create a key set Creating the `KongKeySet` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} key set in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release @@ -94,7 +94,7 @@ spec: At this point, you should see the key set in the Gateway Manager UI. -### Associate the Key with the Key Set +### Associate the key with the key set A single `KongKey` can be associated with only one `KongKeySet`. To associate a `KongKey` with a `KongKeySet`, you need to update the `KongKey` object with the `keySetRef` field. You can do this by applying the following YAML manifest: 
diff --git a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md index aad91c742014..a1477b47bf1f 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md +++ b/app/_src/gateway-operator/guides/konnect-entities/service-and-route.md @@ -9,7 +9,7 @@ and [routes](/konnect/gateway-manager/configuration/#routes) natively from your {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} -## Create a Service +## Create a service Creating the `KongService` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} service in your [Gateway Manager](/konnect/gateway-manager). @@ -42,7 +42,7 @@ spec: At this point, you should see the Service in the Gateway Manager UI. -## Create a Route +## Create a route Creating the `KongRoute` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} route in your [Gateway Manager](/konnect/gateway-manager). @@ -51,7 +51,7 @@ You can refer to the CR [API](/gateway-operator/{{ page.release }}/reference/cus Your `KongRoute` can either be associated with a `KongService` (and inherit the relation with a `KonnectGatewayControlPlane` from it) or be directly associated with a `KonnectGatewayControlPlane` object when referring a `KongService`. -### Associate a Route with a Service +### Associate a route with a service You can create a `KongRoute` associated with a `KongService` by applying the following YAML manifest: 
@@ -79,7 +79,7 @@ spec: At this point, you should see the Route in the Gateway Manager UI. -### Associate a Route with a Gateway Control Plane +### Associate a route with a gateway control plane You can also create a `KongRoute` that won't refer any `KongService`. In that case, you must associate it with a `KonnectGatewayControlPlane` so that {{site.kgo_product_name}} knows what Gateway control plane it should be created in. diff --git a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md index 23844c31cdf2..b1cb3a9ba375 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md +++ b/app/_src/gateway-operator/guides/konnect-entities/upstream-and-target.md @@ -9,7 +9,7 @@ and their targets natively from your Kubernetes cluster. {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} -## Create an Upstream +## Create an upstream Creating the `KongUpstream` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} key in your [Gateway Manager](/konnect/gateway-manager). @@ -41,7 +41,7 @@ spec: At this point, you should see the Upstream in the Gateway Manager UI. -## Create a Target +## Create a target Each `KongTarget` must be associated with a `KongUpstream` it's meant to be a backend for. For this reason, you must specify the `upstreamRef` field in the `spec` section of the `KongTarget` object. Please refer to the CR [API]( diff --git a/app/_src/gateway-operator/guides/konnect-entities/vault.md b/app/_src/gateway-operator/guides/konnect-entities/vault.md index 1a18ac543a7a..95702cb1e723 100644 --- a/app/_src/gateway-operator/guides/konnect-entities/vault.md +++ b/app/_src/gateway-operator/guides/konnect-entities/vault.md 
@@ -8,7 +8,7 @@ In this guide you'll learn how to use the `KongVault` custom resource to manage {% include md/kgo/konnect-entities-prerequisites.md disable_accordian=false version=page.version release=page.release with-control-plane=true %} -## Create a Vault +## Create a vault Creating the `KongVault` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} Vault in your [Gateway Manager](/konnect/gateway-manager). You can refer to the CR [API](/gateway-operator/{{ page.release diff --git a/app/gateway-operator/changelog.md b/app/gateway-operator/changelog.md index 6052f3fb3637..37d631ece459 100644 --- a/app/gateway-operator/changelog.md +++ b/app/gateway-operator/changelog.md 
@@ -5,120 +5,6 @@ no_version: true Changelog for supported {{ site.kgo_product_name }} versions. -## 1.4.0 - -**Release Date** TBA - -### Added - -- Proper `User-Agent` header is now set on outgoing HTTP requests. - [#387](https://github.com/Kong/gateway-operator/pull/387) -- Introduce `KongPluginInstallation` CRD to allow installing custom Kong - plugins distributed as container images. - [#400](https://github.com/Kong/gateway-operator/pull/400), [#424](https://github.com/Kong/gateway-operator/pull/424), [#474](https://github.com/Kong/gateway-operator/pull/474), [#560](https://github.com/Kong/gateway-operator/pull/560), [#615](https://github.com/Kong/gateway-operator/pull/615), [#476](https://github.com/Kong/gateway-operator/pull/476) -- Extended `DataPlane` API with a possibility to specify `PodDisruptionBudget` to be - created for the `DataPlane` deployments via `spec.resources.podDisruptionBudget`. - [#464](https://github.com/Kong/gateway-operator/pull/464) -- Add `KonnectAPIAuthConfiguration` reconciler. - [#456](https://github.com/Kong/gateway-operator/pull/456) -- Add support for Konnect tokens in `Secrets` in `KonnectAPIAuthConfiguration` - reconciler. - [#459](https://github.com/Kong/gateway-operator/pull/459) -- Add `KonnectControlPlane` reconciler. - [#462](https://github.com/Kong/gateway-operator/pull/462) -- Add `KongService` reconciler for Konnect control planes. - [#470](https://github.com/Kong/gateway-operator/pull/470) -- Add `KongUpstream` reconciler for Konnect control planes. - [#593](https://github.com/Kong/gateway-operator/pull/593) -- Add `KongConsumer` reconciler for Konnect control planes. - [#493](https://github.com/Kong/gateway-operator/pull/493) -- Add `KongRoute` reconciler for Konnect control planes. - [#506](https://github.com/Kong/gateway-operator/pull/506) -- Add `KongConsumerGroup` reconciler for Konnect control planes. 
- [#510](https://github.com/Kong/gateway-operator/pull/510) -- Add `KongCACertificate` reconciler for Konnect CA certificates. - [#626](https://github.com/Kong/gateway-operator/pull/626) -- Add `KongCertificate` reconciler for Konnect Certificates. - [#643](https://github.com/Kong/gateway-operator/pull/643) -- Added command line flags to configure the certificate generator job's images. - [#516](https://github.com/Kong/gateway-operator/pull/516) -- Add `KongPluginBinding` reconciler for Konnect Plugins. - [#513](https://github.com/Kong/gateway-operator/pull/513), [#535](https://github.com/Kong/gateway-operator/pull/535) -- Add `KongTarget` reconciler for Konnect Targets. - [#627](https://github.com/Kong/gateway-operator/pull/627) -- Add `KongVault` reconciler for Konnect Vaults. - [#597](https://github.com/Kong/gateway-operator/pull/597) -- Add `KongKey` reconciler for Konnect Keys. - [#646](https://github.com/Kong/gateway-operator/pull/646) -- Add `KongKeySet` reconciler for Konnect KeySets. - [#657](https://github.com/Kong/gateway-operator/pull/657) -- Add `KongDataPlaneClientCertificate` reconciler for Konnect DataPlaneClientCertificates. - [#694](https://github.com/Kong/gateway-operator/pull/694) -- The `KonnectExtension` CRD has been introduced. Such a CRD can be attached - to a `DataPlane` via the extensions field to have a konnect-flavored `DataPlane`. - [#453](https://github.com/Kong/gateway-operator/pull/453), - [#578](https://github.com/Kong/gateway-operator/pull/578), - [#736](https://github.com/Kong/gateway-operator/pull/736) -- Entities created in Konnect are now labeled (or tagged for those that does not - support labels) with origin Kubernetes object's metadata: `k8s-name`, `k8s-namespace`, - `k8s-uid`, `k8s-generation`, `k8s-kind`, `k8s-group`, `k8s-version`. - [#565](https://github.com/Kong/gateway-operator/pull/565) -- Add `KongService`, `KongRoute`, `KongConsumer`, and `KongConsumerGroup` watchers - in the `KongPluginBinding` reconciler. 
- [#571](https://github.com/Kong/gateway-operator/pull/571) -- Annotating the following resource with the `konghq.com/plugins` annotation results in - the creation of a managed `KongPluginBinding` resource: - - `KongService` [#550](https://github.com/Kong/gateway-operator/pull/550) - - `KongRoute` [#644](https://github.com/Kong/gateway-operator/pull/644) - - `KongConsumer` [#676](https://github.com/Kong/gateway-operator/pull/676) - - `KongConsumerGroup` [#684](https://github.com/Kong/gateway-operator/pull/684) - These `KongPluginBinding`s are taken by the `KongPluginBinding` reconciler - to create the corresponding plugin objects in Konnect. -- `KongConsumer` associated with `ConsumerGroups` is now reconciled in Konnect by removing/adding - the consumer from/to the consumer groups. - [#592](https://github.com/Kong/gateway-operator/pull/592) -- Add support for `KongConsumer` credentials: - - basic-auth [#625](https://github.com/Kong/gateway-operator/pull/625) - - API key [#635](https://github.com/Kong/gateway-operator/pull/635) - - ACL [#661](https://github.com/Kong/gateway-operator/pull/661) - - JWT [#678](https://github.com/Kong/gateway-operator/pull/678) - - HMAC Auth [#687](https://github.com/Kong/gateway-operator/pull/687) -- Add support for `KongRoute`s bound directly to `KonnectGatewayControlPlane`s (serviceless routes). - [#669](https://github.com/Kong/gateway-operator/pull/669) -- Allow setting `KonnectGatewayControlPlane`s group membership - [#697](https://github.com/Kong/gateway-operator/pull/697) -- Apply Konnect-related customizations to `DataPlane`s that properly reference `KonnectExtension` - resources. - [#714](https://github.com/Kong/gateway-operator/pull/714) -- The KonnectExtension functionality is enabled only when the `--enable-controller-konnect` - flag or the `GATEWAY_OPERATOR_ENABLE_CONTROLLER_KONNECT` env var is set. 
- [#738](https://github.com/Kong/gateway-operator/pull/738) - -### Fixed - -- Fixed `ControlPlane` cluster wide resources not migrating to new ownership labels - (introduced in 1.3.0) when upgrading the operator form 1.2 (or older) to 1.3.0. - [#369](https://github.com/Kong/gateway-operator/pull/369) -- Requeue instead of reporting an error when a finalizer removal yields a conflict. - [#454](https://github.com/Kong/gateway-operator/pull/454) -- Requeue instead of reporting an error when a GatewayClass status update yields a conflict. - [#612](https://github.com/Kong/gateway-operator/pull/612) -- Guard object counters with checks whether CRDs for them exist - [#710](https://github.com/Kong/gateway-operator/pull/710) -- Do not reconcile Gateways nor assign any finalizers when the referred GatewayClass is not supported. - [#711](https://github.com/Kong/gateway-operator/pull/711) -- Fixed setting `ExternalTrafficPolicy` on `DataPlane`'s ingress `Service` during update and patch operations. - [#750](https://github.com/Kong/gateway-operator/pull/750) - -### Changes - -- Default version of `ControlPlane` is bumped to 3.3.1 - [#580](https://github.com/Kong/gateway-operator/pull/580) -- Default version of `DataPlane` is bumped to 3.8.0 - [#572](https://github.com/Kong/gateway-operator/pull/572) -- Gateway API has been bumped to v1.2.0 - [#674](https://github.com/Kong/gateway-operator/pull/674) - ## 1.3.0 **Release Date** 2024/06/24
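Review bot: In `dpcertificate.md` (PATCH 17/17, hunk `@@ -8,7 +8,7 @@`), the hunk header still carries the intro text `Konnect [Vault](/konnect/gateway-manager/configuration/#vaults)`, so the data plane client certificate guide opens by describing Vaults, which looks like a leftover copied from `vault.md`. Since this hunk already touches the file, fix the intro so it names data plane client certificates and links to the matching section, and switch the literal `Konnect` to `{{site.konnect_product_name}}` as PATCH 15/17 did for `vault.md`.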
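Review bot: In `upstream-and-target.md` (PATCH 17/17, hunk `@@ -9,7 +9,7 @@`), the unchanged line right under the renamed `## Create an upstream` heading says the `KongUpstream` object "will provision a {{site.konnect_product_name}} key", which names the wrong entity. Change `key` to `upstream` in the same commit so the heading and the first sentence of the section agree.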
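Review bot: In `service-and-route.md` (PATCH 17/17, hunk `@@ -51,7 +51,7 @@`), the context sentence says a `KongRoute` can "be directly associated with a `KonnectGatewayControlPlane` object when referring a `KongService`", which contradicts the later section stating that direct association is for a route that "won't refer any `KongService`". Reword it to "when not referring to a `KongService`" and use "refer to" in both places. The body lines "you should see the Service" and "you should see the Route" also keep the capitalization that this commit removes from the headings.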
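Review bot: In `konnect-entities-prerequisites.md` (hunk `@@ -18,7 +18,7 @@`) and `certificate-and-cacertificate.md` (hunk `@@ -9,7 +9,7 @@`), the context lines still use the literal product name ("authenticate with Konnect APIs", "set to the Konnect API", "will provision a Konnect Certificate"), while PATCH 15/17 and 16/17 replace the same literal with `{{site.konnect_product_name}}` in `vault.md` and `upstream-and-target.md`. Apply the variable to these lines too, and settle on one variable: `gatewaycontrolplane.md` uses `{{site.konnect_short_name}}` in the hunk `@@ -8,7 +8,7 @@` where the other guides use `{{site.konnect_product_name}}`.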
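Review bot: In `gatewaycontrolplane.md` (PATCH 17/17, hunk `@@ -106,7 +106,7 @@`), the new heading `## Create a Kubernetes ingress controller control plane` lowercases a product name that the sentence directly below still links as "Kubernetes Ingress Controller Control Plane". Keep the product name capitalized in the heading (for example "Create a Kubernetes Ingress Controller control plane"), and pick one casing for "Gateway control plane", which is capitalized in the body text but written as "gateway control plane" in the headings changed at `@@ -8,7 +8,7 @@` and `@@ -82,7 +82,7 @@`.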
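Review bot: In `app/gateway-operator/changelog.md` (PATCH 17/17, hunk `@@ -5,120 +5,6 @@`), the removal of the whole 114-line `## 1.4.0` section is bundled into a commit whose other nine files only change heading case, and the subject "convert headers to lowercase and remove changelog" gives no reason for dropping it. Split the changelog removal into its own commit and state in the message where the 1.4.0 entries will be published, since they document operator-facing behavior such as the `--enable-controller-konnect` flag and the `GATEWAY_OPERATOR_ENABLE_CONTROLLER_KONNECT` env var that gate the Konnect controllers described in these guides.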