-
Notifications
You must be signed in to change notification settings - Fork 604
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(kgo): add Konnect entities documentation (#8084)
* docs(kgo): prepare v1.4.x * docs(kgo): add intial Konnect entities documentation * docs(kgo): add Service and Route Konnect entities guide * docs(kgo): add Consumer, Credentials and ConsumerGroup Konnect entities guide * docs(kgo): add Key and KeySet Konnect entities guide * docs(kgo): add Upstream and Targets Konnect entities guide * docs(kgo): add Konnect entities tagging and labeling guide * Apply suggestions from code review Co-authored-by: Patryk Małek <[email protected]> * docs(kgo): add Konnect entities architecture overview section * docs(kgo): add Certificate and CA Certificate Konnect entities guide * docs(kgo): add Vault Konnect entity guide * docs(kgo): add DP Client Certificate entity guide * docs(kgo): add more information about Konnect related fields * add include snippet for checking conditions * Apply suggestions from code review Co-authored-by: Angel <[email protected]> * Apply suggestions from code review Co-authored-by: Angel <[email protected]> * convert headers to lowercase and remove changelog --------- Co-authored-by: Patryk Małek <[email protected]> Co-authored-by: Angel <[email protected]>
- Loading branch information
1 parent
956ff6b
commit de0a7b0
Showing
16 changed files
with
1,342 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -230,6 +230,7 @@ ElastiCache | |
elbs | ||
enablement | ||
enqueued | ||
enqueues | ||
enum | ||
env | ||
Equinix | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
{% assign name = include.name %} | ||
{% assign kind = include.kind %} | ||
{% assign conditionType = include.conditionType | default: "Programmed" %} | ||
{% assign reason = include.reason | default: "Programmed" %} | ||
{% assign generation = include.generation | default: 1 %} | ||
|
||
{% unless include.disableDescription %} | ||
You can verify the `{{ kind }}` was reconciled successfully by checking its `{{ conditionType }}` condition. | ||
{% endunless %} | ||
|
||
```shell | ||
kubectl get {{ kind | downcase }} {{ name }} -o=jsonpath='{.status.conditions[?(@.type=="{{ conditionType }}")]}' | jq | ||
``` | ||
|
||
The output should look similar to this: | ||
|
||
```console | ||
{ | ||
"observedGeneration": {{ generation }}, | ||
"reason": "{{ reason }}", | ||
"status": "True", | ||
"type": "{{ conditionType }}" | ||
} | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
{% unless include.disable_accordian %} | ||
<details class="custom" markdown="1"> | ||
<summary> | ||
<blockquote class="note"> | ||
<p style="cursor: pointer">Before you create any Konnect entity, make sure you've <u>installed {{site.kgo_product_name}} and created a valid `KonnectAPIAuthConfiguration` {% if include.with-control-plane %} and `KonnectGatewayControlPlane`{% endif %}</u> in your cluster.</p> | ||
</blockquote> | ||
</summary> | ||
|
||
## Prerequisites | ||
{% endunless %} | ||
|
||
{% include md/kgo/prerequisites.md disable_accordian=true version=page.version release=page.release kconf-crds=true %} | ||
|
||
### Create an access token in Konnect | ||
|
||
You may create either a Personal Access Token (PAT) or a Service Account Token (SAT) in Konnect. Please refer to the | ||
[Konnect authentication documentation](/konnect/api/#authentication) for more information. You will need this token | ||
to create a `KonnectAPIAuthConfiguration` object that will be used by the {{site.kgo_product_name}} to authenticate | ||
with Konnect APIs. | ||
|
||
### Create a {{site.konnect_product_name}} API auth configuration | ||
|
||
Depending on your preferences, you can create a `KonnectAPIAuthConfiguration` object with the token specified | ||
directly in its spec or as a reference to a Kubernetes Secret. The `serverURL` field should be set to the Konnect API | ||
URL in a region where your {{site.konnect_product_name}} account is located. Please refer to the [list of available API URLs](/konnect/network/) | ||
for more information. | ||
|
||
{% navtabs token %} | ||
{% navtab Directly in specification %} | ||
```yaml | ||
echo ' | ||
kind: KonnectAPIAuthConfiguration | ||
apiVersion: konnect.konghq.com/v1alpha1 | ||
metadata: | ||
name: konnect-api-auth | ||
namespace: default | ||
spec: | ||
type: token | ||
token: kpat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | ||
serverURL: eu.api.konghq.com | ||
' | kubectl apply -f - | ||
``` | ||
{% endnavtab %} | ||
{% navtab Stored in a Secret %} | ||
Please note that the Secret must have the `konghq.com/credential: konnect` label to make the {{site.kgo_product_name}} | ||
reconcile it. | ||
```yaml | ||
echo ' | ||
kind: KonnectAPIAuthConfiguration | ||
apiVersion: konnect.konghq.com/v1alpha1 | ||
metadata: | ||
name: konnect-api-auth | ||
namespace: default | ||
spec: | ||
type: secretRef | ||
secretRef: | ||
name: konnect-api-auth-secret | ||
serverURL: eu.api.konghq.com | ||
--- | ||
kind: Secret | ||
apiVersion: v1 | ||
metadata: | ||
name: konnect-api-auth-secret | ||
namespace: default | ||
labels: | ||
konghq.com/credential: konnect | ||
stringData: | ||
token: kpat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | ||
' | kubectl apply -f - | ||
``` | ||
{% endnavtab %} | ||
{% endnavtabs %} | ||
You can verify the `KonnectAPIAuthConfiguration` object was reconciled successfully by checking its status. | ||
```shell | ||
kubectl get konnectapiauthconfiguration konnect-api-auth | ||
``` | ||
The output should look like this: | ||
```console | ||
NAME VALID ORGID SERVERURL | ||
konnect-api-auth True <your-konnect-org-id> https://eu.api.konghq.tech | ||
``` | ||
{% if include.with-control-plane %} | ||
### Create a {{site.base_gateway}} control plane | ||
Creating the `KonnectGatewayControlPlane` object in your Kubernetes cluster will provision a {{site.konnect_product_name}} Gateway | ||
control plane in your [Gateway Manager](/konnect/gateway-manager). The `KonnectGatewayControlPlane` CR | ||
[API](/gateway-operator/{{ page.release }}/reference/custom-resources/#konnectgatewaycontrolplane) allows you to | ||
explicitly set a type of the {{site.base_gateway}} control plane, but if you don't specify it, the default type is | ||
a [Self-Managed Hybrid | ||
gateway control plane](/konnect/gateway-manager/#kong-gateway-control-planes). | ||
|
||
You can create one by applying the following YAML manifest: | ||
|
||
```yaml | ||
echo ' | ||
kind: KonnectGatewayControlPlane | ||
apiVersion: konnect.konghq.com/v1alpha1 | ||
metadata: | ||
name: gateway-control-plane | ||
namespace: default | ||
spec: | ||
name: gateway-control-plane # Name used to identify the Gateway Control Plane in Konnect | ||
konnect: | ||
authRef: | ||
name: konnect-api-auth # Reference to the KonnectAPIAuthConfiguration object | ||
' | kubectl apply -f - | ||
``` | ||
|
||
You can see the status of the Gateway Control Plane by running: | ||
|
||
```shell | ||
kubectl get konnectgatewaycontrolplanes.konnect.konghq.com gateway-control-plane | ||
``` | ||
|
||
If the Gateway Control Plane is successfully created, you should see the following output: | ||
|
||
```shell | ||
NAME PROGRAMMED ID ORGID | ||
gateway-control-plane True <konnect-control-plane-id> <your-konnect-ord-id> | ||
``` | ||
|
||
Having that in place, you will be able to reference the `gateway-control-plane` in your {{site.konnect_product_name}} entities as their parent. | ||
{% endif %} | ||
|
||
{% unless include.disable_accordian %} | ||
</details> | ||
{% endunless %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.