+++ title = "Kong Control Plane" weight = 12 +++ #### Install Helm charts Add Kong's Helm repository ```bash helm repo add kong https://charts.konghq.com helm repo update ``` #### Install the Control Plane Install the helm chart using the following command. ```bash helm install kong kong/kong -n kong \ --set ingressController.enabled=true \ --set ingressController.installCRDs=false \ --set ingressController.image.repository=kong/kubernetes-ingress-controller \ --set ingressController.image.tag=2.0.1 \ --set image.repository=kong/kong-gateway \ --set image.tag=2.6.0.0-alpine \ --set env.database=postgres \ --set env.role=control_plane \ --set env.cluster_cert=/etc/secrets/kong-cluster-cert/tls.crt \ --set env.cluster_cert_key=/etc/secrets/kong-cluster-cert/tls.key \ --set cluster.enabled=true \ --set cluster.tls.enabled=true \ --set cluster.tls.servicePort=8005 \ --set cluster.tls.containerPort=8005 \ --set clustertelemetry.enabled=true \ --set clustertelemetry.tls.enabled=true \ --set clustertelemetry.tls.servicePort=8006 \ --set clustertelemetry.tls.containerPort=8006 \ --set proxy.enabled=true \ --set admin.enabled=true \ --set admin.http.enabled=true \ --set admin.type=LoadBalancer \ --set enterprise.enabled=true \ --set enterprise.portal.enabled=false \ --set enterprise.rbac.enabled=false \ --set enterprise.smtp.enabled=false \ --set enterprise.license_secret=kong-enterprise-license \ --set manager.enabled=true \ --set manager.type=LoadBalancer \ --set secretVolumes[0]=kong-cluster-cert \ --set postgresql.enabled=true \ --set postgresql.postgresqlUsername=kong \ --set postgresql.postgresqlDatabase=kong \ --set postgresql.postgresqlPassword=kong ``` Control Plane uses port 8005 to publish any new API configuration it has. #### Validating the Installation ```bash kubectl get all -n kong ``` **Expected Output: Completing the Kong control plane installation may take 2-3 minutes to complete.You should see output similar to following, with pods in *Running* State** ```bash NAME READY STATUS RESTARTS AGE pod/kong-kong-57c8fc768-q6xwl 2/2 Running 0 2m18s pod/kong-kong-init-migrations-gbdqp 0/1 Completed 0 2m18s pod/kong-postgresql-0 1/1 Running 0 2m18s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kong-kong-admin LoadBalancer 10.100.130.77 afa61d7bb9d6c4782807edde1a3deb57-1326257947.us-east-1.elb.amazonaws.com 8001:30197/TCP,8444:31551/TCP 2m19s service/kong-kong-cluster ClusterIP 10.100.254.35 <none> 8005/TCP 2m19s service/kong-kong-clustertelemetry ClusterIP 10.100.221.36 <none> 8006/TCP 2m19s service/kong-kong-manager LoadBalancer 10.100.170.25 ac193ee6e63714d1993f9819d40fbf3b-1889322169.us-east-1.elb.amazonaws.com 8002:32302/TCP,8445:32311/TCP 2m19s service/kong-kong-portal NodePort 10.100.135.200 <none> 8003:31791/TCP,8446:31049/TCP 2m19s service/kong-kong-portalapi NodePort 10.100.148.172 <none> 8004:31430/TCP,8447:31704/TCP 2m19s service/kong-kong-proxy LoadBalancer 10.100.243.231 a021901b01ac94cecaa12f9013ea9d0d-1495359368.us-east-1.elb.amazonaws.com 80:31273/TCP,443:31577/TCP 2m19s service/kong-postgresql ClusterIP 10.100.49.159 <none> 5432/TCP 2m19s service/kong-postgresql-headless ClusterIP None <none> 5432/TCP 2m19s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/kong-kong 1/1 1 1 2m19s NAME DESIRED CURRENT READY AGE replicaset.apps/kong-kong-57c8fc768 1 1 1 2m19s NAME READY AGE statefulset.apps/kong-postgresql 1/1 2m19s NAME COMPLETIONS DURATION AGE job.batch/kong-kong-init-migrations 1/1 42s 2m19s ``` #### Checking the Kong Konnect Rest Admin API port Use the Load Balancer created during the deployment ```bash echo "export CONTROL_PLANE_LB=$(kubectl get service kong-kong-admin \-\-output=jsonpath='{.status.loadBalancer.ingress[0].hostname}' -n kong)" >> ~/.bashrc bash ``` **NOTE: Dont miss running `bash` at the end of command above, else the value of `CONTROL_PLANE_LB` will not get loaded.** ```bash echo $CONTROL_PLANE_LB ``` ```bash curl $CONTROL_PLANE_LB:8001 | jq .version ``` **Expected Output** ``` "2.6.0.0-enterprise-edition" ``` #### Configuring Kong Manager Service Kong Manager is the Control Plane Admin GUI. It should get the Admin URI configured with the same Load Balancer address: ```bash kubectl patch deployment -n kong kong-kong -p "{\"spec\": { \"template\" : { \"spec\" : {\"containers\":[{\"name\":\"proxy\",\"env\": [{ \"name\" : \"KONG_ADMIN_API_URI\", \"value\": \"$CONTROL_PLANE_LB:8001\" }]}]}}}}" ``` #### Logging to Kong Manager Login to Kong Manager using the specific load balancer: ```bash echo "export KONG_MANAGER=$(kubectl get svc -n kong kong-kong-manager --output=jsonpath='{.status.loadBalancer.ingress[0].hostname}')" >> ~/.bashrc bash ``` ``` echo $KONG_MANAGER:8002 ``` Copy the output from above in a browser locally and you should see the Kong Manager landing page. **NOTE: Some VPNs may prevent you from viewing the landing page. If you get a white screen in browser, try disconnecting from your VPN.** 