From da0e6a7d1b1592dbaf745324fffd0e0f13c17c7a Mon Sep 17 00:00:00 2001
From: Travis Raines <571832+rainest@users.noreply.github.com>
Date: Mon, 4 Dec 2023 17:05:46 -0800
Subject: [PATCH] chore: add second set of values

Update the second set of test values with actual content. The 002 values now cover the keys that move during migrations.
---
 .../testdata/expected/002_ingress_values.yaml | 68 +
 .../testdata/expected/002_kong_values.yaml | 444 +-----
 .../testdata/source/002_ingress_values.yaml | 86 ++
 .../testdata/source/002_kong_values.yaml | 1226 +----------------
 4 files changed, 182 insertions(+), 1642 deletions(-)

diff --git a/test/integration/testdata/expected/002_ingress_values.yaml b/test/integration/testdata/expected/002_ingress_values.yaml
index 4fc2c35..524d873 100644
--- a/test/integration/testdata/expected/002_ingress_values.yaml
+++ b/test/integration/testdata/expected/002_ingress_values.yaml
@@ -9,13 +9,81 @@ env:
 database: "off"
 role: traditional
 ingressController:
+ adminApi:
+ tls:
+ client:
+ enabled: true
 deployment:
+ annotations:
+ example.com/bar: bar
+ example.com/foo: foo
 pod:
 annotations:
 kuma.io/gateway: enabled
 traffic.kuma.io/exclude-outbound-ports: "8444"
 traffic.sidecar.istio.io/excludeOutboundPorts: "8444"
+ container:
+ args:
+ - --dump-config
+ - "true"
+ customEnv:
+ FAKE: whatever
+ TZ: Europe/Berlin
+ env:
+ election_id: palmtree
+ kong_admin_tls_skip_verify: true
+ image:
+ repository: kong/kubernetes-ingress-controller
+ tag: "3.0"
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ securityContext:
+ readOnlyRootFilesystem: false
+ labels:
+ example.com/bar: bar
+ example.com/foo: foo
+ nodeSelector: whatever
+ priorityClassName: whatever
+ securityContext:
+ something: whatever
+ terminationGracePeriodSeconds: 111
+ tolerations:
+ fakeNonsense: idk the actual format
+ replicaCount: 3
 enabled: true
 gatewayDiscovery:
 enabled: true
 generateAdminApiService: true
+ ingressClass: kong
+ konnect:
+ runtimeGroupID: abc123
+ rbac:
+ create: true
+ watchNamespaces:
+ - default
+ - other
diff --git a/test/integration/testdata/expected/002_kong_values.yaml b/test/integration/testdata/expected/002_kong_values.yaml
index f11d16a..e936dc1 100644
--- a/test/integration/testdata/expected/002_kong_values.yaml
+++ b/test/integration/testdata/expected/002_kong_values.yaml
@@ -1,211 +1,17 @@
-admin:
- annotations: {}
- enabled: false
- http:
- containerPort: 8001
- enabled: false
- parameters: []
- servicePort: 8001
- ingress:
- annotations: {}
- enabled: false
- hostname: null
- ingressClassName: null
- path: /
- pathType: ImplementationSpecific
- labels: {}
- loadBalancerClass: null
- tls:
- client:
- caBundle: ""
- secretName: ""
- containerPort: 8444
- enabled: true
- parameters:
- - http2
- servicePort: 8444
- type: NodePort
-autoscaling:
- behavior: {}
- enabled: false
- maxReplicas: 5
- metrics:
- - resource:
- name: cpu
- target:
- averageUtilization: 80
- type: Utilization
- type: Resource
- minReplicas: 2
- targetCPUUtilizationPercentage: null
-certificates:
- admin:
- clusterIssuer: ""
- commonName: kong.example
- dnsNames: []
- enabled: true
- issuer: ""
- cluster:
- clusterIssuer: ""
- commonName: kong_clustering
- dnsNames: []
- enabled: true
- issuer: ""
- clusterIssuer: ""
- enabled: false
- issuer: ""
- portal:
- clusterIssuer: ""
- commonName: developer.example
- dnsNames: []
- enabled: true
- issuer: ""
- proxy:
- clusterIssuer: ""
- commonName: app.example
- dnsNames: []
- enabled: true
- issuer: ""
-cluster:
- annotations: {}
- enabled: false
- ingress:
- annotations: {}
- enabled: false
- hostname: null
- ingressClassName: null
- path: /
- pathType: ImplementationSpecific
- labels: {}
- loadBalancerClass: null
- tls:
- containerPort: 8005
- enabled: false
- parameters: []
- servicePort: 8005
- type: ClusterIP
-clusterCaSecretName: ""
-clustertelemetry:
- annotations: {}
- enabled: false
- ingress:
- annotations: {}
- enabled: false
- hostname: null
- ingressClassName: null
- path: /
- pathType: ImplementationSpecific
- labels: {}
- loadBalancerClass: null
- tls:
- containerPort: 8006
- enabled: false
- parameters: []
- servicePort: 8006
- type: ClusterIP
-containerSecurityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
-dblessConfig:
- config: ""
- configMap: ""
- secret: ""
-deployment:
- daemonset: false
- hostNetwork: false
- hostname: ""
- kong:
- enabled: true
- prefixDir:
- sizeLimit: 256Mi
- serviceAccount:
- automountServiceAccountToken: false
- create: true
- test:
- enabled: false
- tmpDir:
- sizeLimit: 1Gi
-deploymentAnnotations: {}
-enterprise:
- enabled: false
- portal:
- enabled: false
- rbac:
- admin_gui_auth: basic-auth
- admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret
- enabled: false
- session_conf_secret: kong-session-config
- smtp:
- admin_emails_from: none@example.com
- admin_emails_reply_to: none@example.com
- auth:
- smtp_password_secret: CHANGEME-smtp-password
- smtp_username: ""
- enabled: false
- portal_emails_from: none@example.com
- portal_emails_reply_to: none@example.com
- smtp_admin_emails: none@example.com
- smtp_auth_type: ""
- smtp_host: smtp.example.com
- smtp_port: 587
- smtp_ssl: nil
- smtp_starttls: true
- vitals:
- enabled: true
-env:
- admin_access_log: /dev/stdout
- admin_error_log: /dev/stderr
- admin_gui_access_log: /dev/stdout
- admin_gui_error_log: /dev/stderr
- database: "off"
- nginx_worker_processes: "2"
- portal_api_access_log: /dev/stdout
- portal_api_error_log: /dev/stderr
- prefix: /kong_prefix/
- proxy_access_log: /dev/stdout
- proxy_error_log: /dev/stderr
- router_flavor: traditional
-extraConfigMaps: []
-extraLabels: {}
-extraObjects: []
-extraSecrets: []
-image:
- effectiveSemver: null
- pullPolicy: IfNotPresent
- repository: kong
- tag: "3.5"
 ingressController:
- adminApi:
- tls:
- client:
- caSecretName: ""
- certProvided: false
- enabled: false
- secretName: ""
- admissionWebhook:
- certificate:
- provided: false
- enabled: true
- failurePolicy: Ignore
- namespaceSelector: {}
- port: 8080
- service:
- labels: {}
 deployment:
 pod:
 container:
- args: []
+ args:
+ - --dump-config
+ - "true"
+ customEnv:
+ FAKE: whatever
+ TZ: Europe/Berlin
 env:
+ election_id: palmtree
 kong_admin_tls_skip_verify: true
 image:
- effectiveSemver: null
 repository: kong/kubernetes-ingress-controller
 tag: "3.0"
 livenessProbe:
@@ -228,233 +34,11 @@ ingressController:
 periodSeconds: 10
 successThreshold: 1
 timeoutSeconds: 5
- resources: {}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
 enabled: true
- gatewayDiscovery:
- adminApiService:
- name: ""
- namespace: ""
- enabled: false
- generateAdminApiService: false
- ingressClass: kong
- ingressClassAnnotations: {}
- konnect:
- apiHostname: us.kic.api.konghq.com
- enabled: false
- license:
- enabled: false
- runtimeGroupID: ""
- tlsClientCertSecretName: konnect-client-tls
- rbac:
- create: true
- watchNamespaces: []
-lifecycle:
- preStop:
- exec:
- command:
- - kong
- - quit
- - --wait=15
-livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /status
- port: status
- scheme: HTTP
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
-manager:
- annotations: {}
- enabled: true
- http:
- containerPort: 8002
- enabled: true
- parameters: []
- servicePort: 8002
- ingress:
- annotations: {}
- enabled: false
- hostname: null
- ingressClassName: null
- path: /
- pathType: ImplementationSpecific
- labels: {}
- loadBalancerClass: null
- tls:
- containerPort: 8445
- enabled: true
- parameters:
- - http2
- servicePort: 8445
- type: NodePort
-migrations:
- annotations:
- sidecar.istio.io/inject: false
- backoffLimit: null
- jobAnnotations: {}
- postUpgrade: true
- preUpgrade: true
- resources: {}
-nodeSelector: {}
-plugins: {}
-podAnnotations:
- kuma.io/gateway: enabled
- traffic.sidecar.istio.io/includeInboundPorts: ""
-podDisruptionBudget:
- enabled: false
-podLabels: {}
-podSecurityPolicy:
- annotations: {}
- enabled: false
- labels: {}
- spec:
- allowPrivilegeEscalation: false
- fsGroup:
- rule: RunAsAny
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- readOnlyRootFilesystem: true
- runAsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - secret
- - emptyDir
- - projected
-portal:
- annotations: {}
- enabled: true
- http:
- containerPort: 8003
- enabled: true
- parameters: []
- servicePort: 8003
- ingress:
- annotations: {}
- enabled: false
- hostname: null
- ingressClassName: null
- path: /
- pathType: ImplementationSpecific
- labels: {}
- loadBalancerClass: null
- tls:
- containerPort: 8446
- enabled: true
- parameters:
- - http2
- servicePort: 8446
- type: NodePort
-portalapi:
- annotations: {}
- enabled: true
- http:
- containerPort: 8004
- enabled: true
- parameters: []
- servicePort: 8004
- ingress:
- annotations: {}
- enabled: false
- hostname: null
- ingressClassName: null
- path: /
- pathType: ImplementationSpecific
- labels: {}
- loadBalancerClass: null
- tls:
- containerPort: 8447
- enabled: true
- parameters:
- - http2
- servicePort: 8447
- type: NodePort
-postgresql:
- auth:
- database: kong
- username: kong
- enabled: false
- image:
- tag: 13.11.0-debian-11-r20
- service:
- ports:
- postgresql: "5432"
-priorityClassName: ""
-proxy:
- annotations: {}
- enabled: true
- http:
- containerPort: 8000
- enabled: true
- parameters: []
- servicePort: 80
- ingress:
- annotations: {}
- enabled: false
- hostname: null
- hosts: []
- ingressClassName: null
- labels: {}
- path: /
- pathType: ImplementationSpecific
- labels:
- enable-metrics: "true"
- loadBalancerClass: null
- nameOverride: ""
- stream: []
- tls:
- containerPort: 8443
- enabled: true
- parameters:
- - http2
- servicePort: 443
- type: LoadBalancer
-readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /status/ready
- port: status
- scheme: HTTP
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
-replicaCount: 1
-resources: {}
-secretVolumes: []
-securityContext: {}
-serviceMonitor:
- enabled: false
-status:
- enabled: true
- http:
- containerPort: 8100
- enabled: true
- parameters: []
- tls:
- containerPort: 8543
- enabled: false
- parameters: []
-terminationGracePeriodSeconds: 30
-tolerations: []
-udpProxy:
- annotations: {}
- enabled: false
- labels: {}
- loadBalancerClass: null
- stream: []
- type: LoadBalancer
-updateStrategy: {}
-waitImage:
- enabled: true
- pullPolicy: IfNotPresent
diff --git a/test/integration/testdata/source/002_ingress_values.yaml b/test/integration/testdata/source/002_ingress_values.yaml
index 6ad04eb..a35f2c6 100644
--- a/test/integration/testdata/source/002_ingress_values.yaml
+++ b/test/integration/testdata/source/002_ingress_values.yaml
@@ -4,6 +4,7 @@ deployment:
 controller:
 proxy:
+ # this should _not_ carry over into the migrated values.yaml
 nameOverride: "{{ .Release.Name }}-gateway-proxy"
 enabled: true
@@ -14,11 +15,80 @@ controller:
 ingressController:
 enabled: true
+ image:
+ repository: kong/kubernetes-ingress-controller
+ tag: "3.0"
+ args:
+ - --dump-config
+ - "true"
+
+ env:
+ kong_admin_tls_skip_verify: true
+ election_id: palmtree
+ customEnv:
+ TZ: "Europe/Berlin"
+ FAKE: "whatever"
+
+ livenessProbe:
+ httpGet:
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: "/readyz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+
+ serviceAccount: "my-account"
+ hostNetwork: true
+ tmpDir:
+ sizeLimit: 1Gi
+ watchNamespaces:
+ - default
+ - other
+ ingressClass: "kong"
+ ingressClassAnnoations:
+ example.com/foo: foo
+ example.com/bar: bar
+ rbac:
+ create: true
+ konnect:
+ runtimeGroupID: abc123
+
+ adminApi:
+ tls:
+ client:
+ enabled: true
+
 gatewayDiscovery:
 enabled: true
 generateAdminApiService: true
+ terminationGracePeriodSeconds: 111
+ tolerations:
+ fakeNonsense: "idk the actual format"
+ nodeSelector: "whatever"
+ priorityClassName: "whatever"
+
 podAnnotations:
 kuma.io/gateway: enabled
 # This port must match your Kong admin API port. 8444 is the default.
@@ -27,6 +97,22 @@ controller:
 traffic.kuma.io/exclude-outbound-ports: "8444"
 traffic.sidecar.istio.io/excludeOutboundPorts: "8444"
+ podLabels:
+ example.com/foo: foo
+ example.com/bar: bar
+
+ deploymentAnnotations:
+ example.com/foo: foo
+ example.com/bar: bar
+
+ replicaCount: 3
+
+ securityContext:
+ something: "whatever"
+
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+
 gateway:
 enabled: true
 deployment:
diff --git a/test/integration/testdata/source/002_kong_values.yaml b/test/integration/testdata/source/002_kong_values.yaml
index 340fa11..0ff4b7a 100644
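Review bot: `ingressClassAnnoations:` in the added `ingressController` block of source/002_ingress_values.yaml is misspelled; the defaults removed from expected/002_kong_values.yaml in this patch spell the key `ingressClassAnnotations`. The expected/002_ingress_values.yaml hunk goes from `ingressClass: kong` straight to `konnect:`, so the two `example.com/*` entries under the misspelled key appear to be dropped, and the golden file records that as the correct result. If the drop is not intended, change the line to `ingressClassAnnotations:` and regenerate the expected file; if it is meant to exercise an unknown key, a comment like the one on `nameOverride` would say so. `tolerations` and `nodeSelector` also carry placeholder shapes (a map and a string, where Kubernetes expects a list and a map), so this fixture checks key movement only.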
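Review bot: `containerSecurityContext.readOnlyRootFilesystem: false` in the `@@ -27,6 +97,22 @@` hunk of source/002_ingress_values.yaml, together with `hostNetwork: true` and `kong_admin_tls_skip_verify: true` in the previous hunk of the same file, has no comment saying it is weakened on purpose. The defaults removed from expected/002_kong_values.yaml in this patch had `readOnlyRootFilesystem: true` and `hostNetwork: false`, so these values are presumably non-default only to make the migrated keys distinguishable. A one-line comment above each, e.g. `# non-default on purpose so the migrated key is visible; not a recommended setting`, would keep the fixture from being copied as a working example.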
--- a/test/integration/testdata/source/002_kong_values.yaml
+++ b/test/integration/testdata/source/002_kong_values.yaml
@@ -1,604 +1,19 @@ -# Default values for Kong's Helm Chart. -# Declare variables to be passed into your templates. -# -# Sections: -# - Deployment parameters -# - Kong parameters -# - Ingress Controller parameters -# - Postgres sub-chart parameters -# - Miscellaneous parameters -# - Kong Enterprise parameters - -# ----------------------------------------------------------------------------- -# Deployment parameters -# ----------------------------------------------------------------------------- - -deployment: - kong: - # Enable or disable Kong itself - # Setting this to false with ingressController.enabled=true will create a - # controller-only release. - enabled: true - ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, - ## for it to be considered available. - # minReadySeconds: 60 - ## Specify the service account to create and to be assigned to the deployment / daemonset and for the migrations - serviceAccount: - create: true - # Automount the service account token. By default, this is disabled, and the token is only mounted on the controller - # container. Some sidecars require enabling this. Note that enabling this exposes Kubernetes credentials to Kong - # Lua code, increasing potential attack surface. - automountServiceAccountToken: false - ## Optionally specify the name of the service account to create and the annotations to add. 
- # name: - # annotations: {} - - ## Optionally specify any extra sidecar containers to be included in the deployment - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#container-v1-core - # sidecarContainers: - # - name: sidecar - # image: sidecar:latest - # initContainers: - # - name: initcon - # image: initcon:latest - # hostAliases: - # - ip: "127.0.0.1" - # hostnames: - # - "foo.local" - # - "bar.local" - - ## Define any volumes and mounts you want present in the Kong proxy container - # userDefinedVolumes: - # - name: "volumeName" - # emptyDir: {} - # userDefinedVolumeMounts: - # - name: "volumeName" - # mountPath: "/opt/user/dir/mount" - test: - # Enable creation of test resources for use with "helm test" - enabled: false - # Use a DaemonSet controller instead of a Deployment controller - daemonset: false - hostNetwork: false - # Set the Deployment's spec.template.hostname field. - # This propagates to Kong API endpoints that report - # the hostname, such as the admin API root and hybrid mode - # /clustering/data-planes endpoint - hostname: "" - # kong_prefix empty dir size - prefixDir: - sizeLimit: 256Mi - # tmp empty dir size - tmpDir: - sizeLimit: 1Gi -# Override namepsace for Kong chart resources. By default, the chart creates resources in the release namespace. -# This may not be desirable when using this chart as a dependency. -# namespace: "example" - -# ----------------------------------------------------------------------------- -# Kong parameters -# ----------------------------------------------------------------------------- - -# Specify Kong configuration -# This chart takes all entries defined under `.env` and transforms them into into `KONG_*` -# environment variables for Kong containers. 
-# Their names here should match the names used in https://github.com/Kong/kong/blob/master/kong.conf.default -# See https://docs.konghq.com/latest/configuration also for additional details -# Values here take precedence over values from other sections of values.yaml, -# e.g. setting pg_user here will override the value normally set when postgresql.enabled -# is set below. In general, you should not set values here if they are set elsewhere. -env: - database: "off" - # the chart uses the traditional router (for Kong 3.x+) because the ingress - # controller generates traditional routes. if you do not use the controller, - # you may set this to "traditional_compatible" or "expressions" to use the new - # DSL-based router - router_flavor: "traditional" - nginx_worker_processes: "2" - proxy_access_log: /dev/stdout - admin_access_log: /dev/stdout - admin_gui_access_log: /dev/stdout - portal_api_access_log: /dev/stdout - proxy_error_log: /dev/stderr - admin_error_log: /dev/stderr - admin_gui_error_log: /dev/stderr - portal_api_error_log: /dev/stderr - prefix: /kong_prefix/ - -# This section is any customer specific environments variables that doesn't require KONG_ prefix. -# These custom environment variables are typicall used in custom plugins or serverless plugins to -# access environment specific credentials or tokens. -# Example as below, uncomment if required and add additional attributes as required. -# Note that these environment variables will only apply to the proxy and init container. The ingress-controller -# container has its own customEnv section. - -# customEnv: -# api_token: -# valueFrom: -# secretKeyRef: -# key: token -# name: api_key -# client_name: testClient - -# This section can be used to configure some extra labels that will be added to each Kubernetes object generated. 
-extraLabels: {} - -# Specify Kong's Docker image and repository details here -image: - repository: kong - tag: "3.5" - # Kong Enterprise - # repository: kong/kong-gateway - # tag: "3.5" - - # Specify a semver version if your image tag is not one (e.g. "nightly") - effectiveSemver: - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistrKeySecretName - -# Specify Kong admin API service and listener configuration -admin: - # Enable creating a Kubernetes service for the admin API - # Disabling this is recommended for most ingress controller configurations - # Enterprise users that wish to use Kong Manager with the controller should enable this - enabled: false - type: NodePort - loadBalancerClass: - # To specify annotations or labels for the admin service, add them to the respective - # "annotations" or "labels" dictionaries below. - annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - labels: {} - - http: - # Enable plaintext HTTP listen for the admin API - # Disabling this and using a TLS listen only is recommended for most configuration - enabled: false - servicePort: 8001 - containerPort: 8001 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32080 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: [] - - tls: - # Enable HTTPS listen for the admin API - enabled: true - servicePort: 8444 - containerPort: 8444 - # Set a target port for the TLS port in the admin API service, useful when using TLS - # termination on an ELB. - # overrideServiceTargetPort: 8000 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32443 - # Additional listen parameters, e.g. 
"reuseport", "backlog=16384" - parameters: - - http2 - - # Specify the CA certificate to use for TLS verification of the Admin API client by: - # - secretName - the secret must contain a key named "tls.crt" with the PEM-encoded certificate. - # - caBundle (PEM-encoded certificate string). - # If both are set, caBundle takes precedence. - client: - caBundle: "" - secretName: "" - - # Kong admin ingress settings. Useful if you want to expose the Admin - # API of Kong outside the k8s cluster. - ingress: - # Enable/disable exposure using ingress. - enabled: false - ingressClassName: - # TLS secret name. - # tls: kong-admin.example.com-tls - # Ingress hostname - hostname: - # Map of ingress annotations. - annotations: {} - # Ingress path. - path: / - # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) - pathType: ImplementationSpecific - -# Specify Kong status listener configuration -# This listen is internal-only. It cannot be exposed through a service or ingress. -status: - enabled: true - http: - # Enable plaintext HTTP listen for the status listen - enabled: true - containerPort: 8100 - parameters: [] - - tls: - # Enable HTTPS listen for the status listen - # Kong versions prior to 2.1 do not support TLS status listens. - # This setting must remain false on those versions - enabled: false - containerPort: 8543 - parameters: [] - -# Name the kong hybrid cluster CA certificate secret -clusterCaSecretName: "" - -# Specify Kong cluster service and listener configuration -# -# The cluster service *must* use TLS. It does not support the "http" block -# available on other services. -# -# The cluster service cannot be exposed through an Ingress, as it must perform -# TLS client validation directly and is not compatible with TLS-terminating -# proxies. 
If you need to expose it externally, you must use "type: -# LoadBalancer" and use a TCP-only load balancer (check your Kubernetes -# provider's documentation, as the configuration required for this varies). -cluster: - enabled: false - # To specify annotations or labels for the cluster service, add them to the respective - # "annotations" or "labels" dictionaries below. - annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - labels: {} - - tls: - enabled: false - servicePort: 8005 - containerPort: 8005 - parameters: [] - - type: ClusterIP - loadBalancerClass: - - # Kong cluster ingress settings. Useful if you want to split CP and DP - # in different clusters. - ingress: - # Enable/disable exposure using ingress. - enabled: false - ingressClassName: - # TLS secret name. - # tls: kong-cluster.example.com-tls - # Ingress hostname - hostname: - # Map of ingress annotations. - annotations: {} - # Ingress path. - path: / - # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) - pathType: ImplementationSpecific - -# Specify Kong proxy service configuration -proxy: - # Enable creating a Kubernetes service for the proxy - enabled: true - type: LoadBalancer - loadBalancerClass: - # Override proxy Service name - nameOverride: "" - # To specify annotations or labels for the proxy service, add them to the respective - # "annotations" or "labels" dictionaries below. 
- annotations: {} - # If terminating TLS at the ELB, the following annotations can be used - # "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "*", - # "service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled": "true", - # "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:REGION:ACCOUNT:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX", - # "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "kong-proxy-tls", - # "service.beta.kubernetes.io/aws-load-balancer-type": "elb" - labels: - enable-metrics: "true" - - http: - # Enable plaintext HTTP listen for the proxy - enabled: true - servicePort: 80 - containerPort: 8000 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32080 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: [] - - tls: - # Enable HTTPS listen for the proxy - enabled: true - servicePort: 443 - containerPort: 8443 - # Set a target port for the TLS port in proxy service - # overrideServiceTargetPort: 8000 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32443 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: - - http2 - - # Define stream (TCP) listen - # To enable, remove "[]", uncomment the section below, and select your desired - # ports and parameters. Listens are dynamically named after their containerPort, - # e.g. "stream-9000" for the below. - # Note: although you can select the protocol here, you cannot set UDP if you - # use a LoadBalancer Service due to limitations in current Kubernetes versions. - # To proxy both TCP and UDP with LoadBalancers, you must enable the udpProxy Service - # in the next section and place all UDP stream listen configuration under it. - stream: [] - # # Set the container (internal) and service (external) ports for this listen. - # # These values should normally be the same. 
If your environment requires they - # # differ, note that Kong will match routes based on the containerPort only. - # - containerPort: 9000 - # servicePort: 9000 - # protocol: TCP - # # Optionally set a static nodePort if the service type is NodePort - # # nodePort: 32080 - # # Additional listen parameters, e.g. "ssl", "reuseport", "backlog=16384" - # # "ssl" is required for SNI-based routes. It is not supported on versions <2.0 - # parameters: [] - - # Kong proxy ingress settings. - # Note: You need this only if you are using another Ingress Controller - # to expose Kong outside the k8s cluster. - ingress: - # Enable/disable exposure using ingress. - enabled: false - ingressClassName: - # To specify annotations or labels for the ingress, add them to the respective - # "annotations" or "labels" dictionaries below. - annotations: {} - labels: {} - # Ingress hostname - hostname: - # Ingress path (when used with hostname above). - path: / - # Each path in an Ingress is required to have a corresponding path type (when used with hostname above). (ImplementationSpecific/Exact/Prefix) - pathType: ImplementationSpecific - # Ingress hosts. Use this instead of or in combination with hostname to specify multiple ingress host configurations - hosts: [] - # - host: kong-proxy.example.com - # paths: - # # Ingress path. - # - path: /* - # # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) - # pathType: ImplementationSpecific - # - host: kong-proxy-other.example.com - # paths: - # # Ingress path. - # - path: /other - # # Each path in an Ingress is required to have a corresponding path type. 
(ImplementationSpecific/Exact/Prefix) - # pathType: ImplementationSpecific - # backend: - # service: - # name: kong-other-proxy - # port: - # number: 80 - # - # TLS secret(s) - # tls: kong-proxy.example.com-tls - # Or if multiple hosts/secrets needs to be configured: - # tls: - # - secretName: kong-proxy.example.com-tls - # hosts: - # - kong-proxy.example.com - # - secretName: kong-proxy-other.example.com-tls - # hosts: - # - kong-proxy-other.example.com - - # Optionally specify a static load balancer IP. - # loadBalancerIP: - -# Specify Kong UDP proxy service configuration -# Currently, LoadBalancer type Services are generally limited to a single transport protocol -# Multi-protocol Services are an alpha feature as of Kubernetes 1.20: -# https://kubernetes.io/docs/concepts/services-networking/service/#load-balancers-with-mixed-protocol-types -# You should enable this Service if you proxy UDP traffic, and configure UDP stream listens under it -udpProxy: - # Enable creating a Kubernetes service for UDP proxying - enabled: false - type: LoadBalancer - loadBalancerClass: - # To specify annotations or labels for the proxy service, add them to the respective - # "annotations" or "labels" dictionaries below. - annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - labels: {} - # Optionally specify a static load balancer IP. - # loadBalancerIP: - - # Define stream (UDP) listen - # To enable, remove "[]", uncomment the section below, and select your desired - # ports and parameters. Listens are dynamically named after their servicePort, - # e.g. "stream-9000" for the below. - stream: [] - # # Set the container (internal) and service (external) ports for this listen. - # # These values should normally be the same. If your environment requires they - # # differ, note that Kong will match routes based on the containerPort only. 
- # - containerPort: 9000 - # servicePort: 9000 - # protocol: UDP - # # Optionally set a static nodePort if the service type is NodePort - # # nodePort: 32080 - # # Additional listen parameters, e.g. "ssl", "reuseport", "backlog=16384" - # # "ssl" is required for SNI-based routes. It is not supported on versions <2.0 - # parameters: [] - -# Custom Kong plugins can be loaded into Kong by mounting the plugin code -# into the file-system of Kong container. -# The plugin code should be present in ConfigMap or Secret inside the same -# namespace as Kong is being installed. -# The `name` property refers to the name of the ConfigMap or Secret -# itself, while the pluginName refers to the name of the plugin as it appears -# in Kong. -# Subdirectories (which are optional) require separate ConfigMaps/Secrets. -# "path" indicates their directory under the main plugin directory: the example -# below will mount the contents of kong-plugin-rewriter-migrations at "/opt/kong/rewriter/migrations". -plugins: {} - # configMaps: - # - pluginName: rewriter - # name: kong-plugin-rewriter - # subdirectories: - # - name: kong-plugin-rewriter-migrations - # path: migrations - # secrets: - # - pluginName: rewriter - # name: kong-plugin-rewriter -# Inject specified secrets as a volume in Kong Container at path /etc/secrets/{secret-name}/ -# This can be used to override default SSL certificates. -# Be aware that the secret name will be used verbatim, and that certain types -# of punctuation (e.g. `.`) can cause issues. 
-# Example configuration -# secretVolumes: -# - kong-proxy-tls -# - kong-admin-tls -secretVolumes: [] - -# Enable/disable migration jobs, and set annotations for them -migrations: - # Enable pre-upgrade migrations (run "kong migrations up") - preUpgrade: true - # Enable post-upgrade migrations (run "kong migrations finish") - postUpgrade: true - # Annotations to apply to migrations job pods - # By default, these disable service mesh sidecar injection for Istio and Kuma, - # as the sidecar containers do not terminate and prevent the jobs from completing - annotations: - sidecar.istio.io/inject: false - # Additional annotations to apply to migration jobs - # This is helpful in certain non-Helm installation situations such as GitOps - # where additional control is required around this job creation. - jobAnnotations: {} - # Optionally set a backoffLimit. If none is set, Jobs will use the cluster default - backoffLimit: - resources: {} - # Example reasonable setting for "resources": - # resources: - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - ## Optionally specify any extra sidecar containers to be included in the deployment - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#container-v1-core - ## Keep in mind these containers should be terminated along with the main - ## migration containers - # sidecarContainers: - # - name: sidecar - # image: sidecar:latest - -# Kong's configuration for DB-less mode -# Note: Use this section only if you are deploying Kong in DB-less mode -# and not as an Ingress Controller. 
-dblessConfig: - # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml) - configMap: "" - # Or Kong's configuration is managed from an existing Secret (with Key: kong.yml) - secret: "" - # Or the configuration is passed in full-text below - config: | - # # _format_version: "1.1" - # # services: - # # # Example configuration - # # # - name: example.com - # # # url: http://example.com - # # # routes: - # # # - name: example - # # # paths: - # # # - "/example" - ## Optionally specify any extra sidecar containers to be included in the - ## migration jobs - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#container-v1-core - # sidecarContainers: - # - name: sidecar - # image: sidecar:latest - -# ----------------------------------------------------------------------------- -# Ingress Controller parameters -# ----------------------------------------------------------------------------- - -# Kong Ingress Controller's primary purpose is to satisfy Ingress resources -# created in k8s. It uses CRDs for more fine grained control over routing and -# for Kong specific configuration. ingressController: enabled: true image: repository: kong/kubernetes-ingress-controller tag: "3.0" - # Optionally set a semantic version for version-gated features. This can normally - # be left unset. You only need to set this if your tag is not a semver string, - # such as when you are using a "next" tag. Set this to the effective semantic - # version of your tag: for example if using a "next" image for an unreleased 3.1.0 - # version, set this to "3.1.0". - effectiveSemver: - args: [] + args: + - --dump-config + - "true" - gatewayDiscovery: - enabled: false - generateAdminApiService: false - adminApiService: - namespace: "" - name: "" - - # Specify individual namespaces to watch for ingress configuration. 
By default, - # when no namespaces are set, the controller watches all namespaces and uses a - # ClusterRole to grant access to Kubernetes resources. When you list specific - # namespaces, the controller will watch those namespaces only and will create - # namespaced-scoped Roles for each of them. The controller will still use a - # ClusterRole for cluster-scoped resources. - # Requires controller 2.0.0 or newer. - watchNamespaces: [] - - # Specify Kong Ingress Controller configuration via environment variables env: - # The controller disables TLS verification by default because Kong - # generates self-signed certificates by default. Set this to false once you - # have installed CA-signed certificates. kong_admin_tls_skip_verify: true - # If using Kong Enterprise with RBAC enabled, uncomment the section below - # and specify the secret/key containing your admin token. - # kong_admin_token: - # valueFrom: - # secretKeyRef: - # name: CHANGEME-admin-token-secret - # key: CHANGEME-admin-token-key - - # This section is any customer specific environments variables that doesn't require CONTROLLER_ prefix. - # Example as below, uncomment if required and add additional attributes as required. - # customEnv: - # TZ: "Europe/Berlin" - - admissionWebhook: - enabled: true - failurePolicy: Ignore - port: 8080 - certificate: - provided: false - namespaceSelector: {} - # Specifiy the secretName when the certificate is provided via a TLS secret - # secretName: "" - # Specifiy the CA bundle of the provided certificate. - # This is a PEM encoded CA bundle which will be used to validate the webhook certificate. If unspecified, system trust roots on the apiserver are used. - # caBundle: - # | Add the CA bundle content here. - service: - # Specify custom labels for the validation webhook service. 
- labels: {} - # Tune the default Kubernetes timeoutSeconds of 10 seconds - # timeoutSeconds: 10 - - ingressClass: kong - # annotations for IngressClass resource (Kubernetes 1.18+) - ingressClassAnnotations: {} - - ## Define any volumes and mounts you want present in the ingress controller container - ## Volumes are defined above in deployment.userDefinedVolumes - # userDefinedVolumeMounts: - # - name: "volumeName" - # mountPath: "/opt/user/dir/mount" - - rbac: - # Specifies whether RBAC resources should be created - create: true + election_id: palmtree + customEnv: + TZ: "Europe/Berlin" + FAKE: "whatever" - # general properties livenessProbe: httpGet: path: "/healthz" 
@@ -619,623 +34,10 @@ ingressController: periodSeconds: 10 successThreshold: 1 failureThreshold: 3 - resources: {} - # Example reasonable setting for "resources": - # resources: - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - - konnect: - enabled: false - - # Specifies a Konnect Runtime Group's ID that the controller will push its data-plane config to. - runtimeGroupID: "" - - # Specifies a Konnect API hostname that the controller will use to push its data-plane config to. - # By default, this is set to US region's production API hostname. - # If you are using a different region, you can set this to the appropriate hostname (e.g. "eu.kic.api.konghq.com"). - apiHostname: "us.kic.api.konghq.com" - - # Specifies a secret that contains a client TLS certificate that the controller - # will use to authenticate against Konnect APIs. - tlsClientCertSecretName: "konnect-client-tls" - - license: - # Specifies whether the controller should fetch a license from Konnect and apply it to managed Gateways. - enabled: false - - adminApi: - tls: - client: - # Enable TLS client authentication for the Admin API. - enabled: false - - # If set to false, Helm will generate certificates for you. - # If set to true, you are expected to provide your own secret (see secretName, caSecretName). - certProvided: false - - # Client TLS certificate/key pair secret name that Ingress Controller will use to authenticate with Kong Admin API. - # If certProvided is set to false, it is optional (can be specified though if you want to force Helm to use - # a specific secret name). - secretName: "" - - # CA TLS certificate/key pair secret name that the client TLS certificate is signed by. - # If certProvided is set to false, it is optional (can be specified though if you want to force Helm to use - # a specific secret name). 
- caSecretName: "" - - -# ----------------------------------------------------------------------------- -# Postgres sub-chart parameters -# ----------------------------------------------------------------------------- - -# Kong can run without a database or use either Postgres or Cassandra -# as a backend datatstore for it's configuration. -# By default, this chart installs Kong without a database. - -# If you would like to use a database, there are two options: -# - (recommended) Deploy and maintain a database and pass the connection -# details to Kong via the `env` section. -# - You can use the below `postgresql` sub-chart to deploy a database -# along-with Kong as part of a single Helm release. Running a database -# independently is recommended for production, but the built-in Postgres is -# useful for quickly creating test instances. - -# PostgreSQL chart documentation: -# https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -# -# WARNING: by default, the Postgres chart generates a random password each -# time it upgrades, which breaks access to existing volumes. 
You should set a -# password explicitly: -# https://github.com/Kong/charts/blob/main/charts/kong/FAQs.md#kong-fails-to-start-after-helm-upgrade-when-postgres-is-used-what-do-i-do - -postgresql: - enabled: false - auth: - username: kong - database: kong - image: - # use postgres < 14 until is https://github.com/Kong/kong/issues/8533 resolved and released - # enterprise (kong-gateway) supports postgres 14 - tag: 13.11.0-debian-11-r20 - service: - ports: - postgresql: "5432" - -# ----------------------------------------------------------------------------- -# Configure cert-manager integration -# ----------------------------------------------------------------------------- - -certificates: - enabled: false - - # Set either `issuer` or `clusterIssuer` to the name of the desired cert manager issuer - # If left blank a built in self-signed issuer will be created and utilized - issuer: "" - clusterIssuer: "" - - # Set proxy.enabled to true to issue default kong-proxy certificate with cert-manager - proxy: - enabled: true - # Set `issuer` or `clusterIssuer` to name of alternate cert-manager clusterIssuer to override default - # self-signed issuer. - issuer: "" - clusterIssuer: "" - # Use commonName and dnsNames to set the common name and dns alt names which this - # certificate is valid for. Wildcard records are supported by the included self-signed issuer. - commonName: "app.example" - # Remove the "[]" and uncomment/change the examples to add SANs - dnsNames: [] - # - "app.example" - # - "*.apps.example" - # - "*.kong.example" - - # Set admin.enabled true to issue kong admin api and manager certificate with cert-manager - admin: - enabled: true - # Set `issuer` or `clusterIssuer` to name of alternate cert-manager clusterIssuer to override default - # self-signed issuer. - issuer: "" - clusterIssuer: "" - # Use commonName and dnsNames to set the common name and dns alt names which this - # certificate is valid for. 
Wildcard records are supported by the included self-signed issuer. - commonName: "kong.example" - # Remove the "[]" and uncomment/change the examples to add SANs - dnsNames: [] - # - "manager.kong.example" - - # Set portal.enabled to true to issue a developer portal certificate with cert-manager - portal: - enabled: true - # Set `issuer` or `clusterIssuer` to name of alternate cert-manager clusterIssuer to override default - # self-signed issuer. - issuer: "" - clusterIssuer: "" - # Use commonName and dnsNames to set the common name and dns alt names which this - # certificate is valid for. Wildcard records are supported by the included self-signed issuer. - commonName: "developer.example" - # Remove the "{}" and uncomment/change the examples to add SANs - dnsNames: [] - # - "manager.kong.example" - - # Set cluster.enabled true to issue kong hybrid mtls certificate with cert-manager - cluster: - enabled: true - # Issuers used by the control and data plane releases must match for this certificate. - issuer: "" - clusterIssuer: "" - commonName: "kong_clustering" - dnsNames: [] - -# ----------------------------------------------------------------------------- -# Miscellaneous parameters -# ----------------------------------------------------------------------------- - -waitImage: - # Wait for the database to come online before starting Kong or running migrations - # If Kong is to access the database through a service mesh that injects a sidecar to - # Kong's container, this must be disabled. Otherwise there'll be a deadlock: - # InitContainer waiting for DB access that requires the sidecar, and the sidecar - # waiting for InitContainers to finish. - enabled: true - # Optionally specify an image that provides bash for pre-migration database - # checks. If none is specified, the chart uses the Kong image. 
The official - # Kong images provide bash - # repository: bash - # tag: 5 - pullPolicy: IfNotPresent - -# update strategy -updateStrategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: "100%" - # maxUnavailable: "0%" - -# If you want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. -resources: {} - # limits: - # cpu: 1 - # memory: 2G - # requests: - # cpu: 1 - # memory: 2G - -# readinessProbe for Kong pods -readinessProbe: - httpGet: - path: "/status/ready" - port: status - scheme: HTTP - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -# livenessProbe for Kong pods -livenessProbe: - httpGet: - path: "/status" - port: status - scheme: HTTP - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -# startupProbe for Kong pods -# startupProbe: -# httpGet: -# path: "/status" -# port: status -# scheme: HTTP -# initialDelaySeconds: 5 -# timeoutSeconds: 5 -# periodSeconds: 2 -# successThreshold: 1 -# failureThreshold: 40 - -# Proxy container lifecycle hooks -# Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ -lifecycle: - preStop: - exec: - # kong quit has a default timeout of 10 seconds, and a default wait of 0 seconds. - # Note: together they should be less than the terminationGracePeriodSeconds setting below. - command: - - kong - - quit - - '--wait=15' - -# Sets the termination grace period for pods spawned by the Kubernetes Deployment. 
-# Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution -terminationGracePeriodSeconds: 30 - -# Affinity for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -# affinity: {} - -# Topology spread constraints for pod assignment (requires Kubernetes >= 1.19) -# Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -# topologySpreadConstraints: [] - -# Tolerations for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Node labels for pod assignment -# Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -# Annotation to be added to Kong pods -podAnnotations: - kuma.io/gateway: enabled - traffic.sidecar.istio.io/includeInboundPorts: "" - -# Labels to be added to Kong pods -podLabels: {} - -# Kong pod count. -# It has no effect when autoscaling.enabled is set to true -replicaCount: 1 - -# Annotations to be added to Kong deployment -deploymentAnnotations: {} - -# Enable autoscaling using HorizontalPodAutoscaler -# When configuring an HPA, you must set resource requests on all containers via -# "resources" and, if using the controller, "ingressController.resources" in values.yaml -autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - behavior: {} - ## targetCPUUtilizationPercentage only used if the cluster doesn't support autoscaling/v2 or autoscaling/v2beta - targetCPUUtilizationPercentage: - ## Otherwise for clusters that do support autoscaling/v2 or autoscaling/v2beta, use metrics - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 80 - -# Kong Pod Disruption Budget -podDisruptionBudget: - enabled: false - # Uncomment only one of the following when enabled is set to true - # maxUnavailable: "50%" - # minAvailable: "50%" - -podSecurityPolicy: - enabled: false - 
labels: {} - annotations: {} - spec: - privileged: false - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - runAsGroup: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - 'configMap' - - 'secret' - - 'emptyDir' - - 'projected' - allowPrivilegeEscalation: false - hostNetwork: false - hostIPC: false - hostPID: false - # Make the root filesystem read-only. This is not compatible with Kong Enterprise <1.5. - # If you use Kong Enterprise <1.5, this must be set to false. - readOnlyRootFilesystem: true - - -priorityClassName: "" - -# securityContext for Kong pods. -securityContext: {} - -# securityContext for containers. -containerSecurityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - runAsUser: 1000 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - -## Optional DNS configuration for Kong pods -# dnsPolicy: ClusterFirst -# dnsConfig: -# nameservers: -# - "10.100.0.10" -# options: -# - name: ndots -# value: "5" -# searches: -# - default.svc.cluster.local -# - svc.cluster.local -# - cluster.local -# - us-east-1.compute.internal - -serviceMonitor: - # Specifies whether ServiceMonitor for Prometheus operator should be created - # If you wish to gather metrics from a Kong instance with the proxy disabled (such as a hybrid control plane), see: - # https://github.com/Kong/charts/blob/main/charts/kong/README.md#prometheus-operator-integration - enabled: false - # interval: 30s - # Specifies namespace, where ServiceMonitor should be installed - # namespace: monitoring - # labels: - # foo: bar - # targetLabels: - # - foo - - # honorLabels: false - # metricRelabelings: [] - -# ----------------------------------------------------------------------------- -# Kong Enterprise parameters -# ----------------------------------------------------------------------------- - -# Toggle Kong Enterprise features on or off -# RBAC and SMTP configuration have 
additional options that must all be set together -# Other settings should be added to the "env" settings below -enterprise: - enabled: false - # Kong Enterprise license secret name - # This secret must contain a single 'license' key, containing your base64-encoded license data - # The license secret is required to unlock all Enterprise features. If you omit it, - # Kong will run in free mode, with some Enterprise features disabled. - # license_secret: kong-enterprise-license - vitals: - enabled: true - portal: - enabled: false - rbac: - enabled: false - admin_gui_auth: basic-auth - # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key - # The key value must be a secret configuration, following the example at - # https://docs.konghq.com/enterprise/latest/kong-manager/authentication/sessions - session_conf_secret: kong-session-config - # If admin_gui_auth is not set to basic-auth, provide a secret name which - # has an admin_gui_auth_conf key containing the plugin config JSON - admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret - # For configuring emails and SMTP, please read through: - # https://docs.konghq.com/enterprise/latest/developer-portal/configuration/smtp - # https://docs.konghq.com/enterprise/latest/kong-manager/networking/email - smtp: - enabled: false - portal_emails_from: none@example.com - portal_emails_reply_to: none@example.com - admin_emails_from: none@example.com - admin_emails_reply_to: none@example.com - smtp_admin_emails: none@example.com - smtp_host: smtp.example.com - smtp_port: 587 - smtp_auth_type: '' - smtp_ssl: nil - smtp_starttls: true - auth: - # If your SMTP server does not require authentication, this section can - # be left as-is. If smtp_username is set to anything other than an empty - # string, you must create a Secret with an smtp_password key containing - # your SMTP password and specify its name here. - smtp_username: '' # e.g. 
postmaster@example.com - smtp_password_secret: CHANGEME-smtp-password - -manager: - # Enable creating a Kubernetes service for Kong Manager - enabled: true - type: NodePort - loadBalancerClass: - # To specify annotations or labels for the Manager service, add them to the respective - # "annotations" or "labels" dictionaries below. - annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - labels: {} - - http: - # Enable plaintext HTTP listen for Kong Manager - enabled: true - servicePort: 8002 - containerPort: 8002 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32080 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: [] - - tls: - # Enable HTTPS listen for Kong Manager - enabled: true - servicePort: 8445 - containerPort: 8445 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32443 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: - - http2 - - ingress: - # Enable/disable exposure using ingress. - enabled: false - ingressClassName: - # TLS secret name. - # tls: kong-manager.example.com-tls - # Ingress hostname - hostname: - # Map of ingress annotations. - annotations: {} - # Ingress path. - path: / - # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) - pathType: ImplementationSpecific - -portal: - # Enable creating a Kubernetes service for the Developer Portal - enabled: true - type: NodePort - loadBalancerClass: - # To specify annotations or labels for the Portal service, add them to the respective - # "annotations" or "labels" dictionaries below. 
- annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - labels: {} - - http: - # Enable plaintext HTTP listen for the Developer Portal - enabled: true - servicePort: 8003 - containerPort: 8003 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32080 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: [] - - tls: - # Enable HTTPS listen for the Developer Portal - enabled: true - servicePort: 8446 - containerPort: 8446 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32443 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: - - http2 - - ingress: - # Enable/disable exposure using ingress. - enabled: false - ingressClassName: - # TLS secret name. - # tls: kong-portal.example.com-tls - # Ingress hostname - hostname: - # Map of ingress annotations. - annotations: {} - # Ingress path. - path: / - # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) - pathType: ImplementationSpecific - -portalapi: - # Enable creating a Kubernetes service for the Developer Portal API - enabled: true - type: NodePort - loadBalancerClass: - # To specify annotations or labels for the Portal API service, add them to the respective - # "annotations" or "labels" dictionaries below. - annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - labels: {} - - http: - # Enable plaintext HTTP listen for the Developer Portal API - enabled: true - servicePort: 8004 - containerPort: 8004 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32080 - # Additional listen parameters, e.g. 
"reuseport", "backlog=16384" - parameters: [] - - tls: - # Enable HTTPS listen for the Developer Portal API - enabled: true - servicePort: 8447 - containerPort: 8447 - # Set a nodePort which is available if service type is NodePort - # nodePort: 32443 - # Additional listen parameters, e.g. "reuseport", "backlog=16384" - parameters: - - http2 - - ingress: - # Enable/disable exposure using ingress. - enabled: false - ingressClassName: - # TLS secret name. - # tls: kong-portalapi.example.com-tls - # Ingress hostname - hostname: - # Map of ingress annotations. - annotations: {} - # Ingress path. - path: / - # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) - pathType: ImplementationSpecific - -clustertelemetry: - enabled: false - # To specify annotations or labels for the cluster telemetry service, add them to the respective - # "annotations" or "labels" dictionaries below. - annotations: {} - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - labels: {} - - tls: - enabled: false - servicePort: 8006 - containerPort: 8006 - parameters: [] - - type: ClusterIP - loadBalancerClass: - - # Kong clustertelemetry ingress settings. Useful if you want to split - # CP and DP in different clusters. - ingress: - # Enable/disable exposure using ingress. - enabled: false - ingressClassName: - # TLS secret name. - # tls: kong-clustertelemetry.example.com-tls - # Ingress hostname - hostname: - # Map of ingress annotations. - annotations: {} - # Ingress path. - path: / - # Each path in an Ingress is required to have a corresponding path type. 
(ImplementationSpecific/Exact/Prefix) - pathType: ImplementationSpecific - -extraConfigMaps: [] -# extraConfigMaps: -# - name: my-config-map -# mountPath: /mount/to/my/location -# subPath: my-subpath # Optional, if you wish to mount a single key and not the entire ConfigMap - -extraSecrets: [] -# extraSecrets: -# - name: my-secret -# mountPath: /mount/to/my/location -# subPath: my-subpath # Optional, if you wish to mount a single key and not the entire ConfigMap - -extraObjects: [] -# extraObjects: -# - apiVersion: configuration.konghq.com/v1 -# kind: KongClusterPlugin -# metadata: -# name: prometheus -# config: -# per_consumer: false -# plugin: prometheus + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi
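Review bot: The `resources:` block added at the end of this hunk under `ingressController` has no comment saying which migration it is meant to exercise, and the same hunk removes every explanatory comment that followed it in the old file. The expected ingress values earlier in this patch carry the same limits and requests under `ingressController.deployment.pod.container.resources`, so this looks like the input side of that move, assuming this hunk belongs to the source-side kong values fixture. A one-line comment above the block would let a reader pair input and expectation without diffing the two files, for example `# test input: expected to move to ingressController.deployment.pod.container.resources`. The enclosing `ingressController` mapping starts outside the hunk, so the comment's indentation should match the sibling `livenessProbe` and `readinessProbe` keys.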