Create a Gateway

Creating GatewayClass and Gateway resources in Kubernetes causes Kong Gateway Operator to create a Kong Ingress Controller and Kong Gateway deployment.
GatewayConfiguration
You can customize your Kong Ingress Controller and Kong Gateway deployments using the GatewayConfiguration CRD. This allows you to control the image being used, and set any required environment variables.
If you are creating a KIC in Konnect deployment, you need to customize the deployment to contain your control plane ID and authentication certificate.
  
  
  
  
  
    
To get the endpoint and the authentication details of the data plane:
- Log in to Konnect.
- Navigate to Gateway Manager, click New Control Plane and select Kong Ingress Controller.
- Enter a name for your new control plane.
- In the Connect to KIC section, click Generate Script.
- Click Generate Certificate in step 3.
- Save the contents of Cluster Certificate in a file named tls.crt. Save the contents of Cluster Key in a file named tls.key.
- Create a Kubernetes secret containing the cluster certificate:

kubectl create secret tls konnect-client-tls --cert=./tls.crt --key=./tls.key

- In the Install the KIC step 4, find the value of controlPlaneID. Replace YOUR_CP_ID with the control plane ID in the following manifest.
- In the Install the KIC step 4, find the value of cluster_telemetry_endpoint. The first segment of that value is the control plane endpoint for your cluster. For example, if the value of cluster_telemetry_endpoint is 36fc5d01be.us.cp0.konghq.com, then the control plane endpoint of the cluster is 36fc5d01be. Replace YOUR_CP_ENDPOINT with the control plane endpoint in the following manifest.
- Deploy the data plane with kubectl apply:

echo 'kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/v1beta1
metadata:
  name: kong
  namespace: default
spec:
  controlPlaneOptions:
    deployment:
      podTemplateSpec:
        spec:
          containers:
          - name: controller
            image: kong/kubernetes-ingress-controller:3.4.4
            env:
              - name: CONTROLLER_KONNECT_ADDRESS
                value: https://us.kic.api.konghq.com
              - name: CONTROLLER_KONNECT_LICENSING_ENABLED
                value: "true"
              - name: CONTROLLER_KONNECT_RUNTIME_GROUP_ID
                value: YOUR_CP_ID
              - name: CONTROLLER_KONNECT_SYNC_ENABLED
                value: "true"
              - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT
                valueFrom:
                  secretKeyRef:
                    key: tls.crt
                    name: konnect-client-tls
              - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY
                valueFrom:
                  secretKeyRef:
                    key: tls.key
                    name: konnect-client-tls
            volumeMounts:
              - name: cluster-certificate
                mountPath: /var/cluster-certificate
          volumes:
          - name: cluster-certificate
  dataPlaneOptions:
    deployment:
      podTemplateSpec:
        spec:
          containers:
          - name: proxy
            image: kong/kong-gateway:3.10.0.1
            env:
              - name: KONG_DATABASE
                value: "off"
              - name: KONG_CLUSTER_CONTROL_PLANE
                value: YOUR_CP_ENDPOINT.us.cp0.konghq.com:443
              - name: KONG_CLUSTER_SERVER_NAME
                value: YOUR_CP_ENDPOINT.us.cp0.konghq.com
              - name: KONG_CLUSTER_TELEMETRY_ENDPOINT
                value: YOUR_CP_ENDPOINT.us.tp0.konghq.com:443
              - name: KONG_CLUSTER_TELEMETRY_SERVER_NAME
                value: YOUR_CP_ENDPOINT.us.tp0.konghq.com
              - name: KONG_CLUSTER_MTLS
                value: pki
              - name: KONG_CLUSTER_CERT
                value: /etc/secrets/konnect-client-tls/tls.crt
              - name: KONG_CLUSTER_CERT_KEY
                value: /etc/secrets/konnect-client-tls/tls.key
              - name: KONG_LUA_SSL_TRUSTED_CERTIFICATE
                value: system
              - name: KONG_KONNECT_MODE
                value: "on"
              - name: KONG_VITALS
                value: "off"
            volumeMounts:
              - name: cluster-certificate
                mountPath: /var/cluster-certificate
              - name: konnect-client-tls
                mountPath: /etc/secrets/konnect-client-tls/
                readOnly: true
          volumes:
          - name: cluster-certificate
          - name: konnect-client-tls
            secret:
              secretName: konnect-client-tls
              defaultMode: 420' | kubectl apply -f -
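
The placeholder steps above can be scripted so that a mistyped value never reaches the cluster. The following is an added example, not part of the Kong documentation: the function names are hypothetical, and the character allow-list for the control plane ID is this example's own conservative assumption, not a Konnect rule. It derives the control plane endpoint from cluster_telemetry_endpoint, substitutes both placeholders, and checks that tls.key is not readable by group or others before it is loaded into the secret.

```shell
# Added example; function names are hypothetical, not Kong or Konnect tooling.

# Print the control plane endpoint: the first DNS label of the
# cluster_telemetry_endpoint value. Tolerates a pasted scheme, port or path.
cp_endpoint_from_telemetry() {
  host=${1#*://}; host=${host%%/*}; host=${host%%:*}
  case $host in *.*) ;; *) return 1 ;; esac      # a bare label is not a hostname
  label=${host%%.*}
  case $label in ''|-*|*-|*[!a-z0-9-]*) return 1 ;; esac
  printf '%s\n' "$label"
}

# Substitute both placeholders in a manifest read from stdin.
# Assumption: the control plane ID contains only letters, digits and hyphens;
# anything else is rejected so it cannot alter the YAML structure.
render_manifest() {   # usage: render_manifest CP_ID TELEMETRY_ENDPOINT < manifest
  case $1 in ''|*[!A-Za-z0-9-]*) echo "bad control plane ID" >&2; return 1 ;; esac
  ep=$(cp_endpoint_from_telemetry "$2") || { echo "bad telemetry endpoint" >&2; return 1; }
  out=$(sed -e "s/YOUR_CP_ID/$1/g" -e "s/YOUR_CP_ENDPOINT/$ep/g") || return 1
  case $out in *YOUR_CP_*) echo "placeholder left in manifest" >&2; return 1 ;; esac
  printf '%s\n' "$out"
}

# Succeed only if the private key file grants nothing to group or others.
key_is_private() {
  [ -f "$1" ] || return 1
  [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
          -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Typical use, with the manifest saved to a file (file name is an assumption):
#   key_is_private ./tls.key || chmod 600 ./tls.key
#   render_manifest "$CP_ID" "$TELEMETRY" < gatewayconfiguration.yaml | kubectl apply -f -
```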
 
 
 
  
  
    
Use the following example to customize the log level of Kong Ingress Controller:
echo 'kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/v1beta1
metadata:
  name: kong
  namespace: default
spec:
  dataPlaneOptions:
    deployment:
      podTemplateSpec:
        spec:
          containers:
          - name: proxy
            image: kong:3.9.0
  controlPlaneOptions:
    deployment:
      podTemplateSpec:
        spec:
          containers:
          - name: controller
            image: kong/kubernetes-ingress-controller:3.4.4
            env:
            - name: CONTROLLER_LOG_LEVEL
              value: debug' | kubectl apply -f -
 
   
 
The results should look like this:
gatewayconfiguration.gateway-operator.konghq.com/kong created
GatewayClass
To use the Gateway API resources to configure your routes, you need to create a GatewayClass instance and create a Gateway resource that listens on the ports that you need.
echo '
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: kong
spec:
  controllerName: konghq.com/gateway-operator
  parametersRef:
    group: gateway-operator.konghq.com
    kind: GatewayConfiguration
    name: kong
    namespace: default
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: kong
  namespace: default
spec:
  gatewayClassName: kong
  listeners:
  - name: http
    protocol: HTTP
    port: 80' | kubectl apply -f -
The results should look like this:
gatewayclass.gateway.networking.k8s.io/kong created
gateway.gateway.networking.k8s.io/kong created
You can verify that everything works by checking the Gateway resource via kubectl:
kubectl get gateway kong -o wide
You should see the following output:
NAME   CLASS   ADDRESS        PROGRAMMED   AGE
kong   kong    172.18.0.102   True         9m5s
If the Gateway has its Programmed condition set to True, you can visit Konnect and see your configuration being synced by Kong Ingress Controller.