Service object client_certificate property through declarative config?

Hey everyone,

I need to configure client certificate to use while establishing connection with upstream server. According to this documentation: https://docs.konghq.com/2.1.x/admin-api/, I can do it by setting client_certificate property in Server object.

How can I set same in declarative config? I will need to set cert and key for it using declarative config.

Any help is appreciated. Thanks

You can do it the same way. In your declarative config file, you can add a Certificate in the certificates: section, and then reference its id in the client_certificate attribute of the Service in the services: section. Something like this:

certificates:
- id: 7fca84d6-7d37-4a74-a7b0-93e576089a41
  cert: |
    -----BEGIN CERTIFICATE-----
    <...>

<...>

services:
- name: myservice
  client_certificate: 7fca84d6-7d37-4a74-a7b0-93e576089a41
  <...>

An easy way to get a complete example is to set up a development machine running Kong in DB mode, set the Certificate and the Service using the Admin API, and then run kong config db_export to get a YAML produced with the complete configuration.

Or you can run Kong in Hybrid Mode, which will essentially do that for you: you can setup the configuration in the Control Plane node using the Admin API, and then the Data Plane node will run the configuration using an auto-generated declarative config sent from the Control Plane.