diff --git a/.gitattributes b/.gitattributes index d2c3880fd1..f2bc887c73 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,5 +1,6 @@ **/zz_generated*.go linguist-generated=true pkg/clientset/** linguist-generated=true deploy/single/** linguist-generated=true +test/e2e/manifests/** linguist-generated=true docs/api-reference.md linguist-generated=true internal/dataplane/parser/testdata/golden/**/*_golden.yaml linguist-generated=true diff --git a/CHANGELOG.md b/CHANGELOG.md index a993c19b03..4ac68eb411 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -117,10 +117,9 @@ Adding a new version? You'll need three changes: - `deploy/single/all-in-one-dbless-legacy.yaml` manifest is removed. It was already deprecated in 2.9 [#4866](https://github.com/Kong/kubernetes-ingress-controller/pull/4866) -- `deploy/single/all-in-one-dbless-enterprise.yaml` manifest is removed. - It's nearly identical to `deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml` - which is used in the official docs. - [#4873](https://github.com/Kong/kubernetes-ingress-controller/pull/4873) +- All manifests from `deploy/single` are no longer supported as installation + method and were removed, please use Helm chart or Kong Gateway Operator instead. + [#4866](https://github.com/Kong/kubernetes-ingress-controller/pull/4866), [#4873](https://github.com/Kong/kubernetes-ingress-controller/pull/4873), [#4970](https://github.com/Kong/kubernetes-ingress-controller/pull/4970), - Credentials now use a `konghq.com/credential` label to indicate credential type instead of the `kongCredType` field. This allows controller compontents to avoid caching unnecessary Secrets. The `kongCredType` field is diff --git a/README.md b/README.md index 1cc71b1998..40ced37632 100644 --- a/README.md +++ b/README.md 
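Review bot: The added `test/e2e/manifests/** linguist-generated=true` pattern in the `.gitattributes` hunk makes the forge collapse diffs under that path by default, so a change to security-relevant content in those manifests (such as RBAC rules or image references) can pass review unseen. The hunk does not show what regenerates these files. If they come from a build script, as the `deploy/single` header suggests for that directory, a CI step that regenerates them and fails on drift would let reviewers trust the collapsed diff. A comment above the pattern, for example `# e2e manifests are build output; regenerate them, do not edit by hand`, would record why the path is marked generated.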
@@ -44,15 +44,11 @@ a hosted Kubernetes service like [GKE](https://cloud.google.com/kubernetes-engin Setting up Kong for Kubernetes is as simple as: ```shell -# using YAMLs -$ kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/latest/deploy/single/all-in-one-dbless.yaml +# Using Helm +helm repo add kong https://charts.konghq.com +helm repo update -# or using Helm -$ helm repo add kong https://charts.konghq.com -$ helm repo update - -# Helm 3 -$ helm install kong/kong --generate-name --set ingressController.installCRDs=false +helm install kong/kong --generate-name --set ingressController.installCRDs=false ``` Once installed, please follow the [Getting Started guide][docs-konghq-getting-started-guide] diff --git a/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml b/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml index 8249ae3b21..45cdb57fc7 100644 --- a/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml +++ b/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml 
@@ -1,2257 +1,18 @@ # Generated by build-single-manifest.sh. DO NOT EDIT. +# +# DEPRECATED +# +# For Kong Ingress Controller 3.0+, please use Helm instead: +# +# $ helm repo add kong https://charts.konghq.com +# $ helm repo update +# $ helm install kong/kong --generate-name --set ingressController.installCRDs=false +# +# If you intend to use an older version, Helm is recommended but you still have the option +# to install using manifests. In that case, replace the 'main' branch in your link with the +# KIC tag. For example: +# kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.0/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml +# -apiVersion: v1 -kind: Namespace -metadata: - name: kong ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: ingressclassparameterses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: IngressClassParameters - listKind: IngressClassParametersList - plural: ingressclassparameterses - singular: ingressclassparameters - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressClassParameters is the Schema for the IngressClassParameters - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the IngressClassParameters specification. - properties: - enableLegacyRegexDetection: - default: false - description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific - Ingress paths are regular expression paths using the legacy 2.x - heuristic. The controller adds the "~" prefix to those paths if - the Kong version is 3.0 or higher. - type: boolean - serviceUpstream: - default: false - description: Offload load-balancing to kube-proxy or sidecar. - type: boolean - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. Only one of `config` or `configFrom` - may be used in a KongClusterPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongClusterPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name, a namespace, and a key of a secret - to refer to. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - namespace: - description: The namespace containing the secret. - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. 
- type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongClusterPlugin - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongClusterPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumergroups.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumerGroup - listKind: KongConsumerGroupList - plural: kongconsumergroups - shortNames: - - kcg - singular: kongconsumergroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Age - jsonPath: 
.metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KongConsumerGroup is the Schema for the kongconsumergroups API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumerGroup. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - consumerGroups: - description: ConsumerGroups are references to consumer groups (that consumer - wants to be part of) provisioned in Kong. - items: - type: string - type: array - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID is a Kong cluster-unique existing ID for the consumer - - useful for mapping Kong with users in your existing database. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumer. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - username: - description: Username is a Kong cluster-unique username of the consumer. - type: string - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - proxy: - description: Proxy defines additional connection options for the routes - to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, - etc. - properties: - connect_timeout: - description: "The timeout in milliseconds for\testablishing a connection - to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" - annotation instead." - minimum: 0 - type: integer - path: - description: '(optional) The path to be used in requests to the upstream - server. Deprecated: use Service''s "konghq.com/path" annotation - instead.' - pattern: ^/.*$ - type: string - protocol: - description: 'The protocol used to communicate with the upstream. - Deprecated: use Service''s "konghq.com/protocol" annotation instead.' - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - description: 'The timeout in milliseconds between two successive read - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/read-timeout" annotation instead.' - minimum: 0 - type: integer - retries: - description: 'The number of retries to execute upon failure to proxy. - Deprecated: use Service''s "konghq.com/retries" annotation instead.' - minimum: 0 - type: integer - write_timeout: - description: 'The timeout in milliseconds between two successive write - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/write-timeout" annotation instead.' - minimum: 0 - type: integer - type: object - route: - description: Route define rules to match client requests. Each Route is - associated with a Service, and a Service may have multiple Routes associated - to it. 
- properties: - headers: - additionalProperties: - items: - type: string - type: array - description: 'Headers contains one or more lists of values indexed - by header name that will cause this Route to match if present in - the request. The Host header cannot be used with this attribute. - Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' - type: object - https_redirect_status_code: - description: 'HTTPSRedirectStatusCode is the status code Kong responds - with when all properties of a Route match except the protocol. Deprecated: - use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" - annotations instead.' - type: integer - methods: - description: 'Methods is a list of HTTP methods that match this Route. - Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' - items: - type: string - type: array - path_handling: - description: 'PathHandling controls how the Service path, Route path - and requested path are combined when sending a request to the upstream. - Deprecated: use Ingress'' "konghq.com/path-handling" annotation - instead.' - enum: - - v0 - - v1 - type: string - preserve_host: - description: 'PreserveHost sets When matching a Route via one of the - hosts domain names, use the request Host header in the upstream - request headers. If set to false, the upstream Host header will - be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" - annotation instead.' - type: boolean - protocols: - description: 'Protocols is an array of the protocols this Route should - allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation - instead.' - items: - description: KongProtocol is a valid Kong protocol. 
This alias is - necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - description: 'RegexPriority is a number used to choose which route - resolves a given request when several routes match it using regexes - simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" - annotation instead.' - type: integer - request_buffering: - description: 'RequestBuffering sets whether to enable request body - buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering" - annotation instead.' - type: boolean - response_buffering: - description: 'ResponseBuffering sets whether to enable response body - buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" - annotation instead.' - type: boolean - snis: - description: 'SNIs is a list of SNIs that match this Route when using - stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation - instead.' - items: - type: string - type: array - strip_path: - description: 'StripPath sets When matching a Route via one of the - paths strip the matching prefix from the upstream request URL. Deprecated: - use Ingress'' "konghq.com/strip-path" annotation instead.' - type: boolean - type: object - upstream: - description: Upstream represents a virtual hostname and can be used to - loadbalance incoming requests over multiple targets (e.g. Kubernetes - `Services` can be a target, OR `Endpoints` can be targets). - properties: - algorithm: - description: 'Algorithm is the load balancing algorithm to use. Accepted - values are: "round-robin", "consistent-hashing", "least-connections", - "latency".' - enum: - - round-robin - - consistent-hashing - - least-connections - - latency - type: string - hash_fallback: - description: 'HashFallback defines What to use as hashing input if - the primary hash_on does not return a hash. 
Accepted values are: - "none", "consumer", "ip", "header", "cookie".' - type: string - hash_fallback_header: - description: HashFallbackHeader is the header name to take the value - from as hash input. Only required when "hash_fallback" is set to - "header". - type: string - hash_fallback_query_arg: - description: HashFallbackQueryArg is the "hash_fallback" version of - HashOnQueryArg. - type: string - hash_fallback_uri_capture: - description: HashFallbackURICapture is the "hash_fallback" version - of HashOnURICapture. - type: string - hash_on: - description: 'HashOn defines what to use as hashing input. Accepted - values are: "none", "consumer", "ip", "header", "cookie", "path", - "query_arg", "uri_capture".' - type: string - hash_on_cookie: - description: The cookie name to take the value from as hash input. - Only required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_cookie_path: - description: The cookie path to set in the response headers. Only - required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_header: - description: HashOnHeader defines the header name to take the value - from as hash input. Only required when "hash_on" is set to "header". - type: string - hash_on_query_arg: - description: HashOnQueryArg is the query string parameter whose value - is the hash input when "hash_on" is set to "query_arg". - type: string - hash_on_uri_capture: - description: HashOnURICapture is the name of the capture group whose - value is the hash input when "hash_on" is set to "uri_capture". - type: string - healthchecks: - description: Healthchecks defines the health check configurations - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. 
- properties: - concurrency: - minimum: 1 - type: integer - headers: - additionalProperties: - items: - type: string - type: array - type: object - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - https_sni: - type: string - https_verify_certificate: - type: boolean - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: number - type: object - host_header: - description: HostHeader is The hostname to be used as Host header - when proxying requests through Kong. 
- type: string - slots: - description: Slots is the number of slots in the load balancer algorithm. - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. 
Only one of `config` or `configFrom` - may be used in a KongPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name and a key of a secret to refer to. The - namespace is implicitly set to the one of referring object. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - required: - - key - - name - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. 
For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongPlugin resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the TCPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is not specified, - then port-based TCP routing is performed. Kong doesn't care - about the content of the TCP stream in this case. If a Host - is specified, the protocol must be TLS over TCP. A plain-text - TCP request cannot be routed based on Host. It can only be - routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - tls: - description: TLS configuration. This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. 
Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: UDPIngress - listKind: UDPIngressList - plural: udpingresses - singular: udpingress - scope: Namespaced 
- versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the UDPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kong -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - 
ingressclassparameterses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - 
networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - update - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants/status - verbs: - - get -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - 
tlsroutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes/status - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kong -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-crds -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-crds -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-gateway -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-admin - namespace: kong -spec: - clusterIP: None - ports: - - name: admin - port: 8444 - protocol: TCP - targetPort: 8444 - selector: - app: proxy-kong ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kong -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - 
app: proxy-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kong -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: CONTROLLER_KONG_ADMIN_SVC - value: kong/kong-admin - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kong/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.12 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kong-serviceaccount-token - readOnly: true - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - 
- configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: proxy-kong - name: proxy-kong - namespace: kong -spec: - replicas: 2 - selector: - matchLabels: - app: proxy-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: proxy-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_LICENSE_DATA - valueFrom: - secretKeyRef: - key: license - name: kong-enterprise-license - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport - backlog=16384 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_KIC - value: "on" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - image: kong/kong-gateway:3.4 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: 8100 - scheme: HTTP - 
initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - imagePullSecrets: - - name: kong-enterprise-edition-docker - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: kong -spec: - controller: ingress-controllers.konghq.com/kong +apiVersion: please-use-helm-to-install-kong +kind: Deprecated diff --git a/deploy/single/all-in-one-dbless-konnect-enterprise.yaml b/deploy/single/all-in-one-dbless-konnect-enterprise.yaml index 7de3392996..53aa0330a0 100644 --- a/deploy/single/all-in-one-dbless-konnect-enterprise.yaml +++ b/deploy/single/all-in-one-dbless-konnect-enterprise.yaml 
@@ -1,2265 +1,18 @@ # Generated by build-single-manifest.sh. DO NOT EDIT. +# +# DEPRECATED +# +# For Kong Ingress Controller 3.0+, please use Helm instead: +# +# $ helm repo add kong https://charts.konghq.com +# $ helm repo update +# $ helm install kong/kong --generate-name --set ingressController.installCRDs=false +# +# If you intend to use an older version, Helm is recommended but you still have the option +# to install using manifests. In that case, replace the 'main' branch in your link with the +# KIC tag. For example: +# kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.0/deploy/single/all-in-one-dbless-konnect-enterprise.yaml +# -apiVersion: v1 -kind: Namespace -metadata: - name: kong ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: ingressclassparameterses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: IngressClassParameters - listKind: IngressClassParametersList - plural: ingressclassparameterses - singular: ingressclassparameters - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressClassParameters is the Schema for the IngressClassParameters - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the IngressClassParameters specification. - properties: - enableLegacyRegexDetection: - default: false - description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific - Ingress paths are regular expression paths using the legacy 2.x - heuristic. The controller adds the "~" prefix to those paths if - the Kong version is 3.0 or higher. - type: boolean - serviceUpstream: - default: false - description: Offload load-balancing to kube-proxy or sidecar. - type: boolean - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. Only one of `config` or `configFrom` - may be used in a KongClusterPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongClusterPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name, a namespace, and a key of a secret - to refer to. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - namespace: - description: The namespace containing the secret. - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. 
- type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongClusterPlugin - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongClusterPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumergroups.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumerGroup - listKind: KongConsumerGroupList - plural: kongconsumergroups - shortNames: - - kcg - singular: kongconsumergroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Age - jsonPath: 
.metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KongConsumerGroup is the Schema for the kongconsumergroups API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumerGroup. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - consumerGroups: - description: ConsumerGroups are references to consumer groups (that consumer - wants to be part of) provisioned in Kong. - items: - type: string - type: array - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID is a Kong cluster-unique existing ID for the consumer - - useful for mapping Kong with users in your existing database. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumer. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - username: - description: Username is a Kong cluster-unique username of the consumer. - type: string - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - proxy: - description: Proxy defines additional connection options for the routes - to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, - etc. - properties: - connect_timeout: - description: "The timeout in milliseconds for\testablishing a connection - to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" - annotation instead." - minimum: 0 - type: integer - path: - description: '(optional) The path to be used in requests to the upstream - server. Deprecated: use Service''s "konghq.com/path" annotation - instead.' - pattern: ^/.*$ - type: string - protocol: - description: 'The protocol used to communicate with the upstream. - Deprecated: use Service''s "konghq.com/protocol" annotation instead.' - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - description: 'The timeout in milliseconds between two successive read - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/read-timeout" annotation instead.' - minimum: 0 - type: integer - retries: - description: 'The number of retries to execute upon failure to proxy. - Deprecated: use Service''s "konghq.com/retries" annotation instead.' - minimum: 0 - type: integer - write_timeout: - description: 'The timeout in milliseconds between two successive write - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/write-timeout" annotation instead.' - minimum: 0 - type: integer - type: object - route: - description: Route define rules to match client requests. Each Route is - associated with a Service, and a Service may have multiple Routes associated - to it. 
- properties: - headers: - additionalProperties: - items: - type: string - type: array - description: 'Headers contains one or more lists of values indexed - by header name that will cause this Route to match if present in - the request. The Host header cannot be used with this attribute. - Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' - type: object - https_redirect_status_code: - description: 'HTTPSRedirectStatusCode is the status code Kong responds - with when all properties of a Route match except the protocol. Deprecated: - use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" - annotations instead.' - type: integer - methods: - description: 'Methods is a list of HTTP methods that match this Route. - Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' - items: - type: string - type: array - path_handling: - description: 'PathHandling controls how the Service path, Route path - and requested path are combined when sending a request to the upstream. - Deprecated: use Ingress'' "konghq.com/path-handling" annotation - instead.' - enum: - - v0 - - v1 - type: string - preserve_host: - description: 'PreserveHost sets When matching a Route via one of the - hosts domain names, use the request Host header in the upstream - request headers. If set to false, the upstream Host header will - be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" - annotation instead.' - type: boolean - protocols: - description: 'Protocols is an array of the protocols this Route should - allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation - instead.' - items: - description: KongProtocol is a valid Kong protocol. 
This alias is - necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - description: 'RegexPriority is a number used to choose which route - resolves a given request when several routes match it using regexes - simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" - annotation instead.' - type: integer - request_buffering: - description: 'RequestBuffering sets whether to enable request body - buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering" - annotation instead.' - type: boolean - response_buffering: - description: 'ResponseBuffering sets whether to enable response body - buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" - annotation instead.' - type: boolean - snis: - description: 'SNIs is a list of SNIs that match this Route when using - stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation - instead.' - items: - type: string - type: array - strip_path: - description: 'StripPath sets When matching a Route via one of the - paths strip the matching prefix from the upstream request URL. Deprecated: - use Ingress'' "konghq.com/strip-path" annotation instead.' - type: boolean - type: object - upstream: - description: Upstream represents a virtual hostname and can be used to - loadbalance incoming requests over multiple targets (e.g. Kubernetes - `Services` can be a target, OR `Endpoints` can be targets). - properties: - algorithm: - description: 'Algorithm is the load balancing algorithm to use. Accepted - values are: "round-robin", "consistent-hashing", "least-connections", - "latency".' - enum: - - round-robin - - consistent-hashing - - least-connections - - latency - type: string - hash_fallback: - description: 'HashFallback defines What to use as hashing input if - the primary hash_on does not return a hash. 
Accepted values are: - "none", "consumer", "ip", "header", "cookie".' - type: string - hash_fallback_header: - description: HashFallbackHeader is the header name to take the value - from as hash input. Only required when "hash_fallback" is set to - "header". - type: string - hash_fallback_query_arg: - description: HashFallbackQueryArg is the "hash_fallback" version of - HashOnQueryArg. - type: string - hash_fallback_uri_capture: - description: HashFallbackURICapture is the "hash_fallback" version - of HashOnURICapture. - type: string - hash_on: - description: 'HashOn defines what to use as hashing input. Accepted - values are: "none", "consumer", "ip", "header", "cookie", "path", - "query_arg", "uri_capture".' - type: string - hash_on_cookie: - description: The cookie name to take the value from as hash input. - Only required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_cookie_path: - description: The cookie path to set in the response headers. Only - required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_header: - description: HashOnHeader defines the header name to take the value - from as hash input. Only required when "hash_on" is set to "header". - type: string - hash_on_query_arg: - description: HashOnQueryArg is the query string parameter whose value - is the hash input when "hash_on" is set to "query_arg". - type: string - hash_on_uri_capture: - description: HashOnURICapture is the name of the capture group whose - value is the hash input when "hash_on" is set to "uri_capture". - type: string - healthchecks: - description: Healthchecks defines the health check configurations - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. 
- properties: - concurrency: - minimum: 1 - type: integer - headers: - additionalProperties: - items: - type: string - type: array - type: object - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - https_sni: - type: string - https_verify_certificate: - type: boolean - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: number - type: object - host_header: - description: HostHeader is The hostname to be used as Host header - when proxying requests through Kong. 
- type: string - slots: - description: Slots is the number of slots in the load balancer algorithm. - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. 
Only one of `config` or `configFrom` - may be used in a KongPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name and a key of a secret to refer to. The - namespace is implicitly set to the one of referring object. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - required: - - key - - name - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. 
For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongPlugin resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the TCPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is not specified, - then port-based TCP routing is performed. Kong doesn't care - about the content of the TCP stream in this case. If a Host - is specified, the protocol must be TLS over TCP. A plain-text - TCP request cannot be routed based on Host. It can only be - routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - tls: - description: TLS configuration. This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. 
Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: UDPIngress - listKind: UDPIngressList - plural: udpingresses - singular: udpingress - scope: Namespaced 
- versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the UDPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kong -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - 
ingressclassparameterses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - 
networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - update - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants/status - verbs: - - get -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - 
tlsroutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes/status - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kong -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-crds -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-crds -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-gateway -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-admin - namespace: kong -spec: - clusterIP: None - ports: - - name: admin - port: 8444 - protocol: TCP - targetPort: 8444 - selector: - app: proxy-kong ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kong -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - 
app: proxy-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kong -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: CONTROLLER_KONNECT_SYNC_ENABLED - value: "true" - - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT - valueFrom: - secretKeyRef: - key: tls.crt - name: konnect-client-tls - - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY - valueFrom: - secretKeyRef: - key: tls.key - name: konnect-client-tls - - name: CONTROLLER_KONG_ADMIN_SVC - value: kong/kong-admin - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kong/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - envFrom: - - configMapRef: - name: konnect-config - image: kong/kubernetes-ingress-controller:2.12 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - 
successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kong-serviceaccount-token - readOnly: true - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: proxy-kong - name: proxy-kong - namespace: kong -spec: - replicas: 2 - selector: - matchLabels: - app: proxy-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: proxy-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport - backlog=16384 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_KIC - value: "on" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - image: kong/kong-gateway:3.4 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - 
protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: kong -spec: - controller: ingress-controllers.konghq.com/kong +apiVersion: please-use-helm-to-install-kong +kind: Deprecated diff --git a/deploy/single/all-in-one-dbless-konnect.yaml b/deploy/single/all-in-one-dbless-konnect.yaml index 5e9b0e4030..49081f1b6a 100644 --- a/deploy/single/all-in-one-dbless-konnect.yaml +++ b/deploy/single/all-in-one-dbless-konnect.yaml 
@@ -1,2267 +1,18 @@ # Generated by build-single-manifest.sh. DO NOT EDIT. +# +# DEPRECATED +# +# For Kong Ingress Controller 3.0+, please use Helm instead: +# +# $ helm repo add kong https://charts.konghq.com +# $ helm repo update +# $ helm install kong/kong --generate-name --set ingressController.installCRDs=false +# +# If you intend to use an older version, Helm is recommended but you still have the option +# to install using manifests. In that case, replace the 'main' branch in your link with the +# KIC tag. For example: +# kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.0/deploy/single/all-in-one-dbless-konnect.yaml +# -apiVersion: v1 -kind: Namespace -metadata: - name: kong ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: ingressclassparameterses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: IngressClassParameters - listKind: IngressClassParametersList - plural: ingressclassparameterses - singular: ingressclassparameters - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressClassParameters is the Schema for the IngressClassParameters - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the IngressClassParameters specification. - properties: - enableLegacyRegexDetection: - default: false - description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific - Ingress paths are regular expression paths using the legacy 2.x - heuristic. The controller adds the "~" prefix to those paths if - the Kong version is 3.0 or higher. - type: boolean - serviceUpstream: - default: false - description: Offload load-balancing to kube-proxy or sidecar. - type: boolean - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. Only one of `config` or `configFrom` - may be used in a KongClusterPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongClusterPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name, a namespace, and a key of a secret - to refer to. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - namespace: - description: The namespace containing the secret. - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. 
- type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongClusterPlugin - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongClusterPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumergroups.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumerGroup - listKind: KongConsumerGroupList - plural: kongconsumergroups - shortNames: - - kcg - singular: kongconsumergroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Age - jsonPath: 
.metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KongConsumerGroup is the Schema for the kongconsumergroups API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumerGroup. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - consumerGroups: - description: ConsumerGroups are references to consumer groups (that consumer - wants to be part of) provisioned in Kong. - items: - type: string - type: array - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID is a Kong cluster-unique existing ID for the consumer - - useful for mapping Kong with users in your existing database. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumer. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - username: - description: Username is a Kong cluster-unique username of the consumer. - type: string - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - proxy: - description: Proxy defines additional connection options for the routes - to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, - etc. - properties: - connect_timeout: - description: "The timeout in milliseconds for\testablishing a connection - to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" - annotation instead." - minimum: 0 - type: integer - path: - description: '(optional) The path to be used in requests to the upstream - server. Deprecated: use Service''s "konghq.com/path" annotation - instead.' - pattern: ^/.*$ - type: string - protocol: - description: 'The protocol used to communicate with the upstream. - Deprecated: use Service''s "konghq.com/protocol" annotation instead.' - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - description: 'The timeout in milliseconds between two successive read - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/read-timeout" annotation instead.' - minimum: 0 - type: integer - retries: - description: 'The number of retries to execute upon failure to proxy. - Deprecated: use Service''s "konghq.com/retries" annotation instead.' - minimum: 0 - type: integer - write_timeout: - description: 'The timeout in milliseconds between two successive write - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/write-timeout" annotation instead.' - minimum: 0 - type: integer - type: object - route: - description: Route define rules to match client requests. Each Route is - associated with a Service, and a Service may have multiple Routes associated - to it. 
- properties: - headers: - additionalProperties: - items: - type: string - type: array - description: 'Headers contains one or more lists of values indexed - by header name that will cause this Route to match if present in - the request. The Host header cannot be used with this attribute. - Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' - type: object - https_redirect_status_code: - description: 'HTTPSRedirectStatusCode is the status code Kong responds - with when all properties of a Route match except the protocol. Deprecated: - use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" - annotations instead.' - type: integer - methods: - description: 'Methods is a list of HTTP methods that match this Route. - Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' - items: - type: string - type: array - path_handling: - description: 'PathHandling controls how the Service path, Route path - and requested path are combined when sending a request to the upstream. - Deprecated: use Ingress'' "konghq.com/path-handling" annotation - instead.' - enum: - - v0 - - v1 - type: string - preserve_host: - description: 'PreserveHost sets When matching a Route via one of the - hosts domain names, use the request Host header in the upstream - request headers. If set to false, the upstream Host header will - be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" - annotation instead.' - type: boolean - protocols: - description: 'Protocols is an array of the protocols this Route should - allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation - instead.' - items: - description: KongProtocol is a valid Kong protocol. 
This alias is - necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - description: 'RegexPriority is a number used to choose which route - resolves a given request when several routes match it using regexes - simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" - annotation instead.' - type: integer - request_buffering: - description: 'RequestBuffering sets whether to enable request body - buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering" - annotation instead.' - type: boolean - response_buffering: - description: 'ResponseBuffering sets whether to enable response body - buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" - annotation instead.' - type: boolean - snis: - description: 'SNIs is a list of SNIs that match this Route when using - stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation - instead.' - items: - type: string - type: array - strip_path: - description: 'StripPath sets When matching a Route via one of the - paths strip the matching prefix from the upstream request URL. Deprecated: - use Ingress'' "konghq.com/strip-path" annotation instead.' - type: boolean - type: object - upstream: - description: Upstream represents a virtual hostname and can be used to - loadbalance incoming requests over multiple targets (e.g. Kubernetes - `Services` can be a target, OR `Endpoints` can be targets). - properties: - algorithm: - description: 'Algorithm is the load balancing algorithm to use. Accepted - values are: "round-robin", "consistent-hashing", "least-connections", - "latency".' - enum: - - round-robin - - consistent-hashing - - least-connections - - latency - type: string - hash_fallback: - description: 'HashFallback defines What to use as hashing input if - the primary hash_on does not return a hash. 
Accepted values are: - "none", "consumer", "ip", "header", "cookie".' - type: string - hash_fallback_header: - description: HashFallbackHeader is the header name to take the value - from as hash input. Only required when "hash_fallback" is set to - "header". - type: string - hash_fallback_query_arg: - description: HashFallbackQueryArg is the "hash_fallback" version of - HashOnQueryArg. - type: string - hash_fallback_uri_capture: - description: HashFallbackURICapture is the "hash_fallback" version - of HashOnURICapture. - type: string - hash_on: - description: 'HashOn defines what to use as hashing input. Accepted - values are: "none", "consumer", "ip", "header", "cookie", "path", - "query_arg", "uri_capture".' - type: string - hash_on_cookie: - description: The cookie name to take the value from as hash input. - Only required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_cookie_path: - description: The cookie path to set in the response headers. Only - required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_header: - description: HashOnHeader defines the header name to take the value - from as hash input. Only required when "hash_on" is set to "header". - type: string - hash_on_query_arg: - description: HashOnQueryArg is the query string parameter whose value - is the hash input when "hash_on" is set to "query_arg". - type: string - hash_on_uri_capture: - description: HashOnURICapture is the name of the capture group whose - value is the hash input when "hash_on" is set to "uri_capture". - type: string - healthchecks: - description: Healthchecks defines the health check configurations - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. 
- properties: - concurrency: - minimum: 1 - type: integer - headers: - additionalProperties: - items: - type: string - type: array - type: object - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - https_sni: - type: string - https_verify_certificate: - type: boolean - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: number - type: object - host_header: - description: HostHeader is The hostname to be used as Host header - when proxying requests through Kong. 
- type: string - slots: - description: Slots is the number of slots in the load balancer algorithm. - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. 
Only one of `config` or `configFrom` - may be used in a KongPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name and a key of a secret to refer to. The - namespace is implicitly set to the one of referring object. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - required: - - key - - name - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. 
For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongPlugin resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the TCPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is not specified, - then port-based TCP routing is performed. Kong doesn't care - about the content of the TCP stream in this case. If a Host - is specified, the protocol must be TLS over TCP. A plain-text - TCP request cannot be routed based on Host. It can only be - routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - tls: - description: TLS configuration. This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. 
Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: UDPIngress - listKind: UDPIngressList - plural: udpingresses - singular: udpingress - scope: Namespaced 
- versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the UDPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kong -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - 
ingressclassparameterses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - 
networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - update - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants/status - verbs: - - get -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - 
tlsroutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes/status - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kong -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-crds -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-crds -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-gateway -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-admin - namespace: kong -spec: - clusterIP: None - ports: - - name: admin - port: 8444 - protocol: TCP - targetPort: 8444 - selector: - app: proxy-kong ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kong -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - 
app: proxy-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kong -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.kuma.io/exclude-outbound-ports: "8444" - traffic.sidecar.istio.io/excludeOutboundPorts: "8444" - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: CONTROLLER_KONNECT_SYNC_ENABLED - value: "true" - - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT - valueFrom: - secretKeyRef: - key: tls.crt - name: konnect-client-tls - - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY - valueFrom: - secretKeyRef: - key: tls.key - name: konnect-client-tls - - name: CONTROLLER_KONG_ADMIN_SVC - value: kong/kong-admin - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kong/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - envFrom: - - configMapRef: - name: konnect-config - image: kong/kubernetes-ingress-controller:2.12 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - 
httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kong-serviceaccount-token - readOnly: true - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: proxy-kong - name: proxy-kong - namespace: kong -spec: - replicas: 2 - selector: - matchLabels: - app: proxy-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: proxy-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport - backlog=16384 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_KIC - value: "on" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - image: kong:3.4 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - 
timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: kong -spec: - controller: ingress-controllers.konghq.com/kong +apiVersion: please-use-helm-to-install-kong +kind: Deprecated diff --git a/deploy/single/all-in-one-dbless.yaml b/deploy/single/all-in-one-dbless.yaml index 239dbde7f0..7dedcb373e 100644 --- a/deploy/single/all-in-one-dbless.yaml +++ b/deploy/single/all-in-one-dbless.yaml 
@@ -1,2252 +1,18 @@ # Generated by build-single-manifest.sh. DO NOT EDIT. +# +# DEPRECATED +# +# For Kong Ingress Controller 3.0+, please use Helm instead: +# +# $ helm repo add kong https://charts.konghq.com +# $ helm repo update +# $ helm install kong/kong --generate-name --set ingressController.installCRDs=false +# +# If you intend to use an older version, Helm is recommended but you still have the option +# to install using manifests. In that case, replace the 'main' branch in your link with the +# KIC tag. For example: +# kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.0/deploy/single/all-in-one-dbless.yaml +# -apiVersion: v1 -kind: Namespace -metadata: - name: kong ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: ingressclassparameterses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: IngressClassParameters - listKind: IngressClassParametersList - plural: ingressclassparameterses - singular: ingressclassparameters - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressClassParameters is the Schema for the IngressClassParameters - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the IngressClassParameters specification. - properties: - enableLegacyRegexDetection: - default: false - description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific - Ingress paths are regular expression paths using the legacy 2.x - heuristic. The controller adds the "~" prefix to those paths if - the Kong version is 3.0 or higher. - type: boolean - serviceUpstream: - default: false - description: Offload load-balancing to kube-proxy or sidecar. - type: boolean - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. Only one of `config` or `configFrom` - may be used in a KongClusterPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongClusterPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name, a namespace, and a key of a secret - to refer to. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - namespace: - description: The namespace containing the secret. - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. 
- type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongClusterPlugin - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongClusterPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumergroups.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumerGroup - listKind: KongConsumerGroupList - plural: kongconsumergroups - shortNames: - - kcg - singular: kongconsumergroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Age - jsonPath: 
.metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KongConsumerGroup is the Schema for the kongconsumergroups API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumerGroup. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - consumerGroups: - description: ConsumerGroups are references to consumer groups (that consumer - wants to be part of) provisioned in Kong. - items: - type: string - type: array - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID is a Kong cluster-unique existing ID for the consumer - - useful for mapping Kong with users in your existing database. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumer. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - username: - description: Username is a Kong cluster-unique username of the consumer. - type: string - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - proxy: - description: Proxy defines additional connection options for the routes - to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, - etc. - properties: - connect_timeout: - description: "The timeout in milliseconds for\testablishing a connection - to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" - annotation instead." - minimum: 0 - type: integer - path: - description: '(optional) The path to be used in requests to the upstream - server. Deprecated: use Service''s "konghq.com/path" annotation - instead.' - pattern: ^/.*$ - type: string - protocol: - description: 'The protocol used to communicate with the upstream. - Deprecated: use Service''s "konghq.com/protocol" annotation instead.' - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - description: 'The timeout in milliseconds between two successive read - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/read-timeout" annotation instead.' - minimum: 0 - type: integer - retries: - description: 'The number of retries to execute upon failure to proxy. - Deprecated: use Service''s "konghq.com/retries" annotation instead.' - minimum: 0 - type: integer - write_timeout: - description: 'The timeout in milliseconds between two successive write - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/write-timeout" annotation instead.' - minimum: 0 - type: integer - type: object - route: - description: Route define rules to match client requests. Each Route is - associated with a Service, and a Service may have multiple Routes associated - to it. 
- properties: - headers: - additionalProperties: - items: - type: string - type: array - description: 'Headers contains one or more lists of values indexed - by header name that will cause this Route to match if present in - the request. The Host header cannot be used with this attribute. - Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' - type: object - https_redirect_status_code: - description: 'HTTPSRedirectStatusCode is the status code Kong responds - with when all properties of a Route match except the protocol. Deprecated: - use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" - annotations instead.' - type: integer - methods: - description: 'Methods is a list of HTTP methods that match this Route. - Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' - items: - type: string - type: array - path_handling: - description: 'PathHandling controls how the Service path, Route path - and requested path are combined when sending a request to the upstream. - Deprecated: use Ingress'' "konghq.com/path-handling" annotation - instead.' - enum: - - v0 - - v1 - type: string - preserve_host: - description: 'PreserveHost sets When matching a Route via one of the - hosts domain names, use the request Host header in the upstream - request headers. If set to false, the upstream Host header will - be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" - annotation instead.' - type: boolean - protocols: - description: 'Protocols is an array of the protocols this Route should - allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation - instead.' - items: - description: KongProtocol is a valid Kong protocol. 
This alias is - necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - description: 'RegexPriority is a number used to choose which route - resolves a given request when several routes match it using regexes - simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" - annotation instead.' - type: integer - request_buffering: - description: 'RequestBuffering sets whether to enable request body - buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering" - annotation instead.' - type: boolean - response_buffering: - description: 'ResponseBuffering sets whether to enable response body - buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" - annotation instead.' - type: boolean - snis: - description: 'SNIs is a list of SNIs that match this Route when using - stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation - instead.' - items: - type: string - type: array - strip_path: - description: 'StripPath sets When matching a Route via one of the - paths strip the matching prefix from the upstream request URL. Deprecated: - use Ingress'' "konghq.com/strip-path" annotation instead.' - type: boolean - type: object - upstream: - description: Upstream represents a virtual hostname and can be used to - loadbalance incoming requests over multiple targets (e.g. Kubernetes - `Services` can be a target, OR `Endpoints` can be targets). - properties: - algorithm: - description: 'Algorithm is the load balancing algorithm to use. Accepted - values are: "round-robin", "consistent-hashing", "least-connections", - "latency".' - enum: - - round-robin - - consistent-hashing - - least-connections - - latency - type: string - hash_fallback: - description: 'HashFallback defines What to use as hashing input if - the primary hash_on does not return a hash. 
Accepted values are: - "none", "consumer", "ip", "header", "cookie".' - type: string - hash_fallback_header: - description: HashFallbackHeader is the header name to take the value - from as hash input. Only required when "hash_fallback" is set to - "header". - type: string - hash_fallback_query_arg: - description: HashFallbackQueryArg is the "hash_fallback" version of - HashOnQueryArg. - type: string - hash_fallback_uri_capture: - description: HashFallbackURICapture is the "hash_fallback" version - of HashOnURICapture. - type: string - hash_on: - description: 'HashOn defines what to use as hashing input. Accepted - values are: "none", "consumer", "ip", "header", "cookie", "path", - "query_arg", "uri_capture".' - type: string - hash_on_cookie: - description: The cookie name to take the value from as hash input. - Only required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_cookie_path: - description: The cookie path to set in the response headers. Only - required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_header: - description: HashOnHeader defines the header name to take the value - from as hash input. Only required when "hash_on" is set to "header". - type: string - hash_on_query_arg: - description: HashOnQueryArg is the query string parameter whose value - is the hash input when "hash_on" is set to "query_arg". - type: string - hash_on_uri_capture: - description: HashOnURICapture is the name of the capture group whose - value is the hash input when "hash_on" is set to "uri_capture". - type: string - healthchecks: - description: Healthchecks defines the health check configurations - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. 
- properties: - concurrency: - minimum: 1 - type: integer - headers: - additionalProperties: - items: - type: string - type: array - type: object - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - https_sni: - type: string - https_verify_certificate: - type: boolean - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: number - type: object - host_header: - description: HostHeader is The hostname to be used as Host header - when proxying requests through Kong. 
- type: string - slots: - description: Slots is the number of slots in the load balancer algorithm. - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. 
Only one of `config` or `configFrom` - may be used in a KongPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name and a key of a secret to refer to. The - namespace is implicitly set to the one of referring object. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - required: - - key - - name - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. 
For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongPlugin resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the TCPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is not specified, - then port-based TCP routing is performed. Kong doesn't care - about the content of the TCP stream in this case. If a Host - is specified, the protocol must be TLS over TCP. A plain-text - TCP request cannot be routed based on Host. It can only be - routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - tls: - description: TLS configuration. This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. 
Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: UDPIngress - listKind: UDPIngressList - plural: udpingresses - singular: udpingress - scope: Namespaced 
- versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the UDPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kong -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - 
ingressclassparameterses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - 
networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - update - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants/status - verbs: - - get -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - 
tlsroutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes/status - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kong -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-crds -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-crds -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-gateway -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-admin - namespace: kong -spec: - clusterIP: None - ports: - - name: admin - port: 8444 - protocol: TCP - targetPort: 8444 - selector: - app: proxy-kong ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kong -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - 
app: proxy-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kong -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.kuma.io/exclude-outbound-ports: "8444" - traffic.sidecar.istio.io/excludeOutboundPorts: "8444" - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: CONTROLLER_KONG_ADMIN_SVC - value: kong/kong-admin - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kong/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.12 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kong-serviceaccount-token - readOnly: true - serviceAccountName: kong-serviceaccount - volumes: - - name: 
kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: proxy-kong - name: proxy-kong - namespace: kong -spec: - replicas: 2 - selector: - matchLabels: - app: proxy-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: proxy-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport - backlog=16384 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_KIC - value: "on" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - image: kong:3.4 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: 8100 - scheme: HTTP - 
initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: kong -spec: - controller: ingress-controllers.konghq.com/kong +apiVersion: please-use-helm-to-install-kong +kind: Deprecated diff --git a/deploy/single/all-in-one-postgres-enterprise.yaml b/deploy/single/all-in-one-postgres-enterprise.yaml index 1084fe82d8..c0fa24b066 100644 --- a/deploy/single/all-in-one-postgres-enterprise.yaml +++ b/deploy/single/all-in-one-postgres-enterprise.yaml 
@@ -1,2382 +1,18 @@ # Generated by build-single-manifest.sh. DO NOT EDIT. +# +# DEPRECATED +# +# For Kong Ingress Controller 3.0+, please use Helm instead: +# +# $ helm repo add kong https://charts.konghq.com +# $ helm repo update +# $ helm install kong/kong --generate-name --set ingressController.installCRDs=false +# +# If you intend to use an older version, Helm is recommended but you still have the option +# to install using manifests. In that case, replace the 'main' branch in your link with the +# KIC tag. For example: +# kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.0/deploy/single/all-in-one-postgres-enterprise.yaml +# -apiVersion: v1 -kind: Namespace -metadata: - name: kong ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: ingressclassparameterses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: IngressClassParameters - listKind: IngressClassParametersList - plural: ingressclassparameterses - singular: ingressclassparameters - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressClassParameters is the Schema for the IngressClassParameters - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the IngressClassParameters specification. - properties: - enableLegacyRegexDetection: - default: false - description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific - Ingress paths are regular expression paths using the legacy 2.x - heuristic. The controller adds the "~" prefix to those paths if - the Kong version is 3.0 or higher. - type: boolean - serviceUpstream: - default: false - description: Offload load-balancing to kube-proxy or sidecar. - type: boolean - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. Only one of `config` or `configFrom` - may be used in a KongClusterPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongClusterPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name, a namespace, and a key of a secret - to refer to. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - namespace: - description: The namespace containing the secret. - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. 
- type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongClusterPlugin - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongClusterPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumergroups.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumerGroup - listKind: KongConsumerGroupList - plural: kongconsumergroups - shortNames: - - kcg - singular: kongconsumergroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Age - jsonPath: 
.metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KongConsumerGroup is the Schema for the kongconsumergroups API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumerGroup. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - consumerGroups: - description: ConsumerGroups are references to consumer groups (that consumer - wants to be part of) provisioned in Kong. - items: - type: string - type: array - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID is a Kong cluster-unique existing ID for the consumer - - useful for mapping Kong with users in your existing database. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumer. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - username: - description: Username is a Kong cluster-unique username of the consumer. - type: string - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - proxy: - description: Proxy defines additional connection options for the routes - to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, - etc. - properties: - connect_timeout: - description: "The timeout in milliseconds for\testablishing a connection - to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" - annotation instead." - minimum: 0 - type: integer - path: - description: '(optional) The path to be used in requests to the upstream - server. Deprecated: use Service''s "konghq.com/path" annotation - instead.' - pattern: ^/.*$ - type: string - protocol: - description: 'The protocol used to communicate with the upstream. - Deprecated: use Service''s "konghq.com/protocol" annotation instead.' - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - description: 'The timeout in milliseconds between two successive read - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/read-timeout" annotation instead.' - minimum: 0 - type: integer - retries: - description: 'The number of retries to execute upon failure to proxy. - Deprecated: use Service''s "konghq.com/retries" annotation instead.' - minimum: 0 - type: integer - write_timeout: - description: 'The timeout in milliseconds between two successive write - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/write-timeout" annotation instead.' - minimum: 0 - type: integer - type: object - route: - description: Route define rules to match client requests. Each Route is - associated with a Service, and a Service may have multiple Routes associated - to it. 
- properties: - headers: - additionalProperties: - items: - type: string - type: array - description: 'Headers contains one or more lists of values indexed - by header name that will cause this Route to match if present in - the request. The Host header cannot be used with this attribute. - Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' - type: object - https_redirect_status_code: - description: 'HTTPSRedirectStatusCode is the status code Kong responds - with when all properties of a Route match except the protocol. Deprecated: - use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" - annotations instead.' - type: integer - methods: - description: 'Methods is a list of HTTP methods that match this Route. - Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' - items: - type: string - type: array - path_handling: - description: 'PathHandling controls how the Service path, Route path - and requested path are combined when sending a request to the upstream. - Deprecated: use Ingress'' "konghq.com/path-handling" annotation - instead.' - enum: - - v0 - - v1 - type: string - preserve_host: - description: 'PreserveHost sets When matching a Route via one of the - hosts domain names, use the request Host header in the upstream - request headers. If set to false, the upstream Host header will - be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" - annotation instead.' - type: boolean - protocols: - description: 'Protocols is an array of the protocols this Route should - allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation - instead.' - items: - description: KongProtocol is a valid Kong protocol. 
This alias is - necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - description: 'RegexPriority is a number used to choose which route - resolves a given request when several routes match it using regexes - simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" - annotation instead.' - type: integer - request_buffering: - description: 'RequestBuffering sets whether to enable request body - buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering" - annotation instead.' - type: boolean - response_buffering: - description: 'ResponseBuffering sets whether to enable response body - buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" - annotation instead.' - type: boolean - snis: - description: 'SNIs is a list of SNIs that match this Route when using - stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation - instead.' - items: - type: string - type: array - strip_path: - description: 'StripPath sets When matching a Route via one of the - paths strip the matching prefix from the upstream request URL. Deprecated: - use Ingress'' "konghq.com/strip-path" annotation instead.' - type: boolean - type: object - upstream: - description: Upstream represents a virtual hostname and can be used to - loadbalance incoming requests over multiple targets (e.g. Kubernetes - `Services` can be a target, OR `Endpoints` can be targets). - properties: - algorithm: - description: 'Algorithm is the load balancing algorithm to use. Accepted - values are: "round-robin", "consistent-hashing", "least-connections", - "latency".' - enum: - - round-robin - - consistent-hashing - - least-connections - - latency - type: string - hash_fallback: - description: 'HashFallback defines What to use as hashing input if - the primary hash_on does not return a hash. 
Accepted values are: - "none", "consumer", "ip", "header", "cookie".' - type: string - hash_fallback_header: - description: HashFallbackHeader is the header name to take the value - from as hash input. Only required when "hash_fallback" is set to - "header". - type: string - hash_fallback_query_arg: - description: HashFallbackQueryArg is the "hash_fallback" version of - HashOnQueryArg. - type: string - hash_fallback_uri_capture: - description: HashFallbackURICapture is the "hash_fallback" version - of HashOnURICapture. - type: string - hash_on: - description: 'HashOn defines what to use as hashing input. Accepted - values are: "none", "consumer", "ip", "header", "cookie", "path", - "query_arg", "uri_capture".' - type: string - hash_on_cookie: - description: The cookie name to take the value from as hash input. - Only required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_cookie_path: - description: The cookie path to set in the response headers. Only - required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_header: - description: HashOnHeader defines the header name to take the value - from as hash input. Only required when "hash_on" is set to "header". - type: string - hash_on_query_arg: - description: HashOnQueryArg is the query string parameter whose value - is the hash input when "hash_on" is set to "query_arg". - type: string - hash_on_uri_capture: - description: HashOnURICapture is the name of the capture group whose - value is the hash input when "hash_on" is set to "uri_capture". - type: string - healthchecks: - description: Healthchecks defines the health check configurations - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. 
- properties: - concurrency: - minimum: 1 - type: integer - headers: - additionalProperties: - items: - type: string - type: array - type: object - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - https_sni: - type: string - https_verify_certificate: - type: boolean - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: number - type: object - host_header: - description: HostHeader is The hostname to be used as Host header - when proxying requests through Kong. 
- type: string - slots: - description: Slots is the number of slots in the load balancer algorithm. - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. 
Only one of `config` or `configFrom` - may be used in a KongPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name and a key of a secret to refer to. The - namespace is implicitly set to the one of referring object. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - required: - - key - - name - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. 
For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongPlugin resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the TCPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is not specified, - then port-based TCP routing is performed. Kong doesn't care - about the content of the TCP stream in this case. If a Host - is specified, the protocol must be TLS over TCP. A plain-text - TCP request cannot be routed based on Host. It can only be - routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - tls: - description: TLS configuration. This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. 
Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: UDPIngress - listKind: UDPIngressList - plural: udpingresses - singular: udpingress - scope: Namespaced 
- versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the UDPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kong -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - 
ingressclassparameterses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - 
networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - update - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants/status - verbs: - - get -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - 
tlsroutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes/status - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kong -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-crds -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-crds -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-gateway -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-admin - namespace: kong -spec: - externalTrafficPolicy: Local - ports: - - name: admin - port: 80 - protocol: TCP - targetPort: 8001 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-manager - namespace: kong -spec: - externalTrafficPolicy: Local - ports: - - name: manager - port: 80 - protocol: TCP - targetPort: 8002 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - 
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kong -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kong -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: v1 -kind: Service -metadata: - name: postgres - namespace: kong -spec: - ports: - - name: pgql - port: 5432 - protocol: TCP - targetPort: 5432 - selector: - app: postgres ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_LICENSE_DATA - valueFrom: - secretKeyRef: - key: license - name: kong-enterprise-license - - name: KONG_ADMIN_API_URI - value: set-me - - name: KONG_ADMIN_GUI_AUTH - value: basic-auth - - name: KONG_ENFORCE_RBAC - value: "on" - - name: KONG_ADMIN_GUI_SESSION_CONF - value: '{"cookie_secure":false,"storage":"kong","cookie_name":"admin_session","cookie_lifetime":31557600,"cookie_samesite":"off","secret":"please-change-me"}' - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:8001, 0.0.0.0:8444 ssl - - name: KONG_DATABASE - value: postgres - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PASSWORD - value: kong - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport - backlog=16384 - - name: 
KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_KIC - value: "on" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - image: kong/kong-gateway:3.4 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8001 - name: admin - protocol: TCP - - containerPort: 8002 - name: manager - protocol: TCP - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_TOKEN - valueFrom: - secretKeyRef: - key: password - name: kong-enterprise-superuser-password - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kong/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.12 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - 
name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kong-serviceaccount-token - readOnly: true - imagePullSecrets: - - name: kong-enterprise-edition-docker - initContainers: - - command: - - /bin/bash - - -c - - while true; do kong migrations list; if [[ 0 -eq $? ]]; then exit 0; fi; - sleep 2; done; - env: - - name: KONG_LICENSE_DATA - valueFrom: - secretKeyRef: - key: license - name: kong-enterprise-license - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PASSWORD - value: kong - image: kong/kong-gateway:3.4 - name: wait-for-migrations - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgres - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: postgres - serviceName: postgres - template: - metadata: - labels: - app: postgres - spec: - containers: - - env: - - name: POSTGRES_USER - value: kong - - name: POSTGRES_PASSWORD - value: kong - - name: POSTGRES_DB - value: kong - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - image: postgres:9.5 - name: postgres - ports: - - containerPort: 5432 - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: datadir - subPath: pgdata - terminationGracePeriodSeconds: 60 - volumeClaimTemplates: - - metadata: - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi ---- 
-apiVersion: batch/v1 -kind: Job -metadata: - name: kong-migrations - namespace: kong -spec: - template: - metadata: - name: kong-migrations - spec: - containers: - - command: - - /bin/bash - - -c - - kong migrations bootstrap && kong migrations up && kong migrations finish - env: - - name: KONG_LICENSE_DATA - valueFrom: - secretKeyRef: - key: license - name: kong-enterprise-license - - name: KONG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: kong-enterprise-superuser-password - - name: KONG_PG_PASSWORD - value: kong - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PORT - value: "5432" - image: kong/kong-gateway:3.4 - name: kong-migrations - imagePullSecrets: - - name: kong-enterprise-edition-docker - initContainers: - - command: - - /bin/bash - - -c - - until timeout 1 bash 9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}; do echo - 'waiting for db'; sleep 1; done - env: - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PORT - value: "5432" - image: kong/kong-gateway:3.4 - name: wait-for-postgres - restartPolicy: OnFailure ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: kong -spec: - controller: ingress-controllers.konghq.com/kong +apiVersion: please-use-helm-to-install-kong +kind: Deprecated diff --git a/deploy/single/all-in-one-postgres.yaml b/deploy/single/all-in-one-postgres.yaml index 16a44a304b..b7f29bdca9 100644 --- a/deploy/single/all-in-one-postgres.yaml +++ b/deploy/single/all-in-one-postgres.yaml 
@@ -1,2307 +1,18 @@ # Generated by build-single-manifest.sh. DO NOT EDIT. +# +# DEPRECATED +# +# For Kong Ingress Controller 3.0+, please use Helm instead: +# +# $ helm repo add kong https://charts.konghq.com +# $ helm repo update +# $ helm install kong/kong --generate-name --set ingressController.installCRDs=false +# +# If you intend to use an older version, Helm is recommended but you still have the option +# to install using manifests. In that case, replace the 'main' branch in your link with the +# KIC tag. For example: +# kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.0/deploy/single/all-in-one-postgres.yaml +# -apiVersion: v1 -kind: Namespace -metadata: - name: kong ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: ingressclassparameterses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: IngressClassParameters - listKind: IngressClassParametersList - plural: ingressclassparameterses - singular: ingressclassparameters - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressClassParameters is the Schema for the IngressClassParameters - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the IngressClassParameters specification. - properties: - enableLegacyRegexDetection: - default: false - description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific - Ingress paths are regular expression paths using the legacy 2.x - heuristic. The controller adds the "~" prefix to those paths if - the Kong version is 3.0 or higher. - type: boolean - serviceUpstream: - default: false - description: Offload load-balancing to kube-proxy or sidecar. - type: boolean - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. Only one of `config` or `configFrom` - may be used in a KongClusterPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongClusterPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name, a namespace, and a key of a secret - to refer to. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - namespace: - description: The namespace containing the secret. - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. 
- type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongClusterPlugin - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongClusterPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumergroups.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumerGroup - listKind: KongConsumerGroupList - plural: kongconsumergroups - shortNames: - - kcg - singular: kongconsumergroup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Age - jsonPath: 
.metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KongConsumerGroup is the Schema for the kongconsumergroups API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumerGroup. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - consumerGroups: - description: ConsumerGroups are references to consumer groups (that consumer - wants to be part of) provisioned in Kong. - items: - type: string - type: array - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID is a Kong cluster-unique existing ID for the consumer - - useful for mapping Kong with users in your existing database. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: Status represents the current status of the KongConsumer - resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongConsumer. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - username: - description: Username is a Kong cluster-unique username of the consumer. - type: string - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - proxy: - description: Proxy defines additional connection options for the routes - to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, - etc. - properties: - connect_timeout: - description: "The timeout in milliseconds for\testablishing a connection - to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" - annotation instead." - minimum: 0 - type: integer - path: - description: '(optional) The path to be used in requests to the upstream - server. Deprecated: use Service''s "konghq.com/path" annotation - instead.' - pattern: ^/.*$ - type: string - protocol: - description: 'The protocol used to communicate with the upstream. - Deprecated: use Service''s "konghq.com/protocol" annotation instead.' - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - description: 'The timeout in milliseconds between two successive read - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/read-timeout" annotation instead.' - minimum: 0 - type: integer - retries: - description: 'The number of retries to execute upon failure to proxy. - Deprecated: use Service''s "konghq.com/retries" annotation instead.' - minimum: 0 - type: integer - write_timeout: - description: 'The timeout in milliseconds between two successive write - operations for transmitting a request to the upstream server. Deprecated: - use Service''s "konghq.com/write-timeout" annotation instead.' - minimum: 0 - type: integer - type: object - route: - description: Route define rules to match client requests. Each Route is - associated with a Service, and a Service may have multiple Routes associated - to it. 
- properties: - headers: - additionalProperties: - items: - type: string - type: array - description: 'Headers contains one or more lists of values indexed - by header name that will cause this Route to match if present in - the request. The Host header cannot be used with this attribute. - Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' - type: object - https_redirect_status_code: - description: 'HTTPSRedirectStatusCode is the status code Kong responds - with when all properties of a Route match except the protocol. Deprecated: - use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" - annotations instead.' - type: integer - methods: - description: 'Methods is a list of HTTP methods that match this Route. - Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' - items: - type: string - type: array - path_handling: - description: 'PathHandling controls how the Service path, Route path - and requested path are combined when sending a request to the upstream. - Deprecated: use Ingress'' "konghq.com/path-handling" annotation - instead.' - enum: - - v0 - - v1 - type: string - preserve_host: - description: 'PreserveHost sets When matching a Route via one of the - hosts domain names, use the request Host header in the upstream - request headers. If set to false, the upstream Host header will - be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" - annotation instead.' - type: boolean - protocols: - description: 'Protocols is an array of the protocols this Route should - allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation - instead.' - items: - description: KongProtocol is a valid Kong protocol. 
This alias is - necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - description: 'RegexPriority is a number used to choose which route - resolves a given request when several routes match it using regexes - simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" - annotation instead.' - type: integer - request_buffering: - description: 'RequestBuffering sets whether to enable request body - buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering" - annotation instead.' - type: boolean - response_buffering: - description: 'ResponseBuffering sets whether to enable response body - buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" - annotation instead.' - type: boolean - snis: - description: 'SNIs is a list of SNIs that match this Route when using - stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation - instead.' - items: - type: string - type: array - strip_path: - description: 'StripPath sets When matching a Route via one of the - paths strip the matching prefix from the upstream request URL. Deprecated: - use Ingress'' "konghq.com/strip-path" annotation instead.' - type: boolean - type: object - upstream: - description: Upstream represents a virtual hostname and can be used to - loadbalance incoming requests over multiple targets (e.g. Kubernetes - `Services` can be a target, OR `Endpoints` can be targets). - properties: - algorithm: - description: 'Algorithm is the load balancing algorithm to use. Accepted - values are: "round-robin", "consistent-hashing", "least-connections", - "latency".' - enum: - - round-robin - - consistent-hashing - - least-connections - - latency - type: string - hash_fallback: - description: 'HashFallback defines What to use as hashing input if - the primary hash_on does not return a hash. 
Accepted values are: - "none", "consumer", "ip", "header", "cookie".' - type: string - hash_fallback_header: - description: HashFallbackHeader is the header name to take the value - from as hash input. Only required when "hash_fallback" is set to - "header". - type: string - hash_fallback_query_arg: - description: HashFallbackQueryArg is the "hash_fallback" version of - HashOnQueryArg. - type: string - hash_fallback_uri_capture: - description: HashFallbackURICapture is the "hash_fallback" version - of HashOnURICapture. - type: string - hash_on: - description: 'HashOn defines what to use as hashing input. Accepted - values are: "none", "consumer", "ip", "header", "cookie", "path", - "query_arg", "uri_capture".' - type: string - hash_on_cookie: - description: The cookie name to take the value from as hash input. - Only required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_cookie_path: - description: The cookie path to set in the response headers. Only - required when "hash_on" or "hash_fallback" is set to "cookie". - type: string - hash_on_header: - description: HashOnHeader defines the header name to take the value - from as hash input. Only required when "hash_on" is set to "header". - type: string - hash_on_query_arg: - description: HashOnQueryArg is the query string parameter whose value - is the hash input when "hash_on" is set to "query_arg". - type: string - hash_on_uri_capture: - description: HashOnURICapture is the name of the capture group whose - value is the hash input when "hash_on" is set to "uri_capture". - type: string - healthchecks: - description: Healthchecks defines the health check configurations - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. 
- properties: - concurrency: - minimum: 1 - type: integer - headers: - additionalProperties: - items: - type: string - type: array - type: object - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - https_sni: - type: string - https_verify_certificate: - type: boolean - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeouts: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: number - type: object - host_header: - description: HostHeader is The hostname to be used as Host header - when proxying requests through Kong. 
- type: string - slots: - description: Slots is the number of slots in the load balancer algorithm. - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Programmed")].status - name: Programmed - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - config: - description: Config contains the plugin configuration. It's a list of - keys and values required to configure the plugin. Please read the documentation - of the plugin being configured to set values in here. For any plugin - in Kong, anything that goes in the `config` JSON key in the Admin API - request, goes into this property. 
Only one of `config` or `configFrom` - may be used in a KongPlugin, not both at once. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. - This should be used when the plugin configuration contains sensitive - information, such as AWS credentials in the Lambda plugin or the client - secret in the OIDC plugin. Only one of `config` or `configFrom` may - be used in a KongPlugin, not both at once. - properties: - secretKeyRef: - description: Specifies a name and a key of a secret to refer to. The - namespace is implicitly set to the one of referring object. - properties: - key: - description: The key containing the value. - type: string - name: - description: The secret containing the key. - type: string - required: - - key - - name - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer. - type: string - disabled: - description: Disabled set if the plugin is disabled or not. - type: boolean - instance_name: - description: InstanceName is an optional custom name to identify an instance - of the plugin. This is useful when running the same plugin in multiple - contexts, for example, on multiple services. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - ordering: - description: 'Ordering overrides the normal plugin execution order. It''s - only available on Kong Enterprise. `` is a request processing - phase (for example, `access` or `body_filter`) and `` is the - name of the plugin that will run before or after the KongPlugin. 
For - example, a KongPlugin with `plugin: rate-limiting` and `before.access: - ["key-auth"]` will create a rate limiting plugin that limits requests - _before_ they are authenticated.' - properties: - after: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - before: - additionalProperties: - items: - type: string - type: array - description: PluginOrderingPhase indicates which plugins in a phase - should affect the target plugin's order - type: object - type: object - plugin: - description: PluginName is the name of the plugin to which to apply the - config. - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - description: KongProtocol is a valid Kong protocol. This alias is necessary - to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - status: - description: Status represents the current status of the KongPlugin resource. - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the KongPluginStatus. - \n Known condition types are: \n * \"Programmed\"" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 8 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the TCPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is not specified, - then port-based TCP routing is performed. Kong doesn't care - about the content of the TCP stream in this case. If a Host - is specified, the protocol must be TLS over TCP. A plain-text - TCP request cannot be routed based on Host. It can only be - routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - tls: - description: TLS configuration. This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. 
Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - categories: - - kong-ingress-controller - kind: UDPIngress - listKind: UDPIngressList - plural: udpingresses - singular: udpingress - scope: Namespaced 
- versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the UDPIngress specification. - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - minLength: 1 - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kong -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - 
ingressclassparameterses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - 
networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kong-ingress-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - update - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants/status - verbs: - - get -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - 
tlsroutes/status - verbs: - - get - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes/status - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kong -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-crds -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-crds -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress-gateway -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kong -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kong -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 
8080 - selector: - app: ingress-kong ---- -apiVersion: v1 -kind: Service -metadata: - name: postgres - namespace: kong -spec: - ports: - - name: pgql - port: 5432 - protocol: TCP - targetPort: 5432 - selector: - app: postgres ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: kong-serviceaccount-token - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_DATABASE - value: postgres - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PASSWORD - value: kong - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport - backlog=16384 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl reuseport backlog=16384 - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_KIC - value: "on" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - image: kong:3.4 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - 
initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kong/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.12 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kong-serviceaccount-token - readOnly: true - initContainers: - - command: - - /bin/bash - - -c - - while true; do kong migrations list; if [[ 0 -eq $? 
]]; then exit 0; fi; - sleep 2; done; - env: - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PASSWORD - value: kong - image: kong:3.4 - name: wait-for-migrations - serviceAccountName: kong-serviceaccount - volumes: - - name: kong-serviceaccount-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgres - namespace: kong -spec: - replicas: 1 - selector: - matchLabels: - app: postgres - serviceName: postgres - template: - metadata: - labels: - app: postgres - spec: - containers: - - env: - - name: POSTGRES_USER - value: kong - - name: POSTGRES_PASSWORD - value: kong - - name: POSTGRES_DB - value: kong - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - image: postgres:9.5 - name: postgres - ports: - - containerPort: 5432 - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: datadir - subPath: pgdata - terminationGracePeriodSeconds: 60 - volumeClaimTemplates: - - metadata: - name: datadir - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: kong-migrations - namespace: kong -spec: - template: - metadata: - name: kong-migrations - spec: - containers: - - command: - - /bin/bash - - -c - - kong migrations bootstrap && kong migrations up && kong migrations finish - env: - - name: KONG_PG_PASSWORD - value: kong - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PORT - value: "5432" - image: kong:3.4 - name: kong-migrations - initContainers: - - command: - - /bin/bash - - -c - - until timeout 1 bash 9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}; do echo - 'waiting for db'; sleep 1; done - env: - - name: KONG_PG_HOST - value: postgres - - name: KONG_PG_PORT - value: 
"5432" - image: kong:3.4 - name: wait-for-postgres - restartPolicy: OnFailure ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: kong -spec: - controller: ingress-controllers.konghq.com/kong +apiVersion: please-use-helm-to-install-kong +kind: Deprecated diff --git a/scripts/build-single-manifests.sh b/scripts/build-single-manifests.sh index 0e461176e3..2ecc50de27 100755 --- a/scripts/build-single-manifests.sh +++ b/scripts/build-single-manifests.sh @@ -3,7 +3,6 @@ set -o errexit set -o nounset set -o pipefail - REPO_ROOT=$(dirname ${BASH_SOURCE})/.. cd "${REPO_ROOT}" 
@@ -15,14 +14,47 @@ cd "${REPO_ROOT}" function generate_all_in_one_manifest() { echo "Generating kustomize manifest for ${1} in ${2}" - echo -e '# Generated by build-single-manifest.sh. DO NOT EDIT.\n' > "${2}" + echo -e '# Generated by build-single-manifest.sh. NOT FOR PRODUCTION USE (only used internally for testing). DO NOT EDIT.\n' > "${2}" "${REPO_ROOT}/bin/kustomize" build "${1}" >> "${2}" } +function generate_deprecation_message() +{ + echo "Generating manifest with deprecation info in ${1}" +cat << EOF > "${1}" +# Generated by build-single-manifest.sh. DO NOT EDIT. +# +# DEPRECATED +# +# For Kong Ingress Controller 3.0+, please use Helm instead: +# +# $ helm repo add kong https://charts.konghq.com +# $ helm repo update +# $ helm install kong/kong --generate-name --set ingressController.installCRDs=false +# +# If you intend to use an older version, Helm is recommended but you still have the option +# to install using manifests. In that case, replace the 'main' branch in your link with the +# KIC tag. 
For example: +# kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.0/${1} +# + +apiVersion: please-use-helm-to-install-kong +kind: Deprecated +EOF +} + + +MANIFESTS=( + 'postgres all-in-one-postgres.yaml' + 'enterprise all-in-one-dbless-k4k8s-enterprise.yaml' + 'enterprise-postgres all-in-one-postgres-enterprise.yaml' + 'multi-gw/oss all-in-one-dbless.yaml' + 'konnect/oss all-in-one-dbless-konnect.yaml' + 'konnect/enterprise all-in-one-dbless-konnect-enterprise.yaml' +) -generate_all_in_one_manifest 'config/variants/postgres' 'deploy/single/all-in-one-postgres.yaml' -generate_all_in_one_manifest 'config/variants/enterprise' 'deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml' -generate_all_in_one_manifest 'config/variants/enterprise-postgres' 'deploy/single/all-in-one-postgres-enterprise.yaml' -generate_all_in_one_manifest 'config/variants/multi-gw/oss' 'deploy/single/all-in-one-dbless.yaml' -generate_all_in_one_manifest 'config/variants/konnect/oss' 'deploy/single/all-in-one-dbless-konnect.yaml' -generate_all_in_one_manifest 'config/variants/konnect/enterprise' 'deploy/single/all-in-one-dbless-konnect-enterprise.yaml' +for MANIFEST in "${MANIFESTS[@]}"; do + set -- ${MANIFEST} # Unpack tuple-like structure MANIFESTS. + generate_all_in_one_manifest "config/variants/${1}" "test/e2e/manifests/${2}" + generate_deprecation_message "deploy/single/${2}" +done diff --git a/test/e2e/all_in_one_test.go b/test/e2e/all_in_one_test.go index b44e4d73ee..9da18662ab 100644 --- a/test/e2e/all_in_one_test.go +++ b/test/e2e/all_in_one_test.go 
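Review bot: The loop that closes this hunk unpacks each `MANIFESTS` entry with an unquoted `set -- ${MANIFEST}`, which relies on word splitting, exposes the entry to pathname expansion, and overwrites the script's own positional parameters. `read -r variant file <<< "${MANIFEST}"` followed by `generate_all_in_one_manifest "config/variants/${variant}" "test/e2e/manifests/${file}"` and `generate_deprecation_message "deploy/single/${file}"` keeps both fields named and leaves `$@` untouched. Separately, both generated headers say `build-single-manifest.sh` while the script is `build-single-manifests.sh`. The `v2.12.0` tag in the deprecation text is hard-coded in the heredoc, so it would presumably need a manual edit if the last release that ships real manifests changes.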
@@ -36,10 +36,10 @@ import ( // ensure that things are up and running. // ----------------------------------------------------------------------------- -const entDBLESSPath = "../../deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml" - func TestDeployAllInOneEnterpriseDBLESS(t *testing.T) { - t.Log("configuring all-in-one-dbless-k4k8s-enterprise.yaml manifest test") + const entDBLESSPath = "manifests/all-in-one-dbless-k4k8s-enterprise.yaml" + + t.Logf("configuring %s manifest test", entDBLESSPath) if os.Getenv(kong.LicenseDataEnvVar) == "" { t.Skipf("no license available to test enterprise: %s was not provided", kong.LicenseDataEnvVar) } @@ -73,7 +73,7 @@ func TestDeployAllInOneEnterpriseDBLESS(t *testing.T) { verifyEnterprise(ctx, t, env, adminPassword) } -const postgresPath = "../../deploy/single/all-in-one-postgres.yaml" +const postgresPath = "manifests/all-in-one-postgres.yaml" func TestDeployAllInOnePostgres(t *testing.T) { t.Log("configuring all-in-one-postgres.yaml manifest test") @@ -215,7 +215,7 @@ func TestDeployAllInOnePostgresWithMultipleReplicas(t *testing.T) { }, 2*time.Minute, time.Second) } -const entPostgresPath = "../../deploy/single/all-in-one-postgres-enterprise.yaml" +const entPostgresPath = "manifests/all-in-one-postgres-enterprise.yaml" func TestDeployAllInOneEnterprisePostgres(t *testing.T) { t.Log("configuring all-in-one-postgres-enterprise.yaml manifest test") @@ -259,12 +259,9 @@ func TestDeployAllInOneEnterprisePostgres(t *testing.T) { func TestDeployAllInOneDBLESS(t *testing.T) { t.Parallel() - const ( - manifestFileName = "all-in-one-dbless.yaml" - manifestFilePath = "../../deploy/single/" + manifestFileName - ) + const manifestFilePath = "manifests/all-in-one-dbless.yaml" - t.Logf("configuring %s manifest test", manifestFileName) + t.Logf("configuring %s manifest test", manifestFilePath) ctx, env := setupE2ETest(t) t.Log("deploying kong components") 
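Review bot: After this change the manifest path constants in this file follow two conventions. `entDBLESSPath` (hunk at -36) and `manifestFilePath` (hunk at -259) are function-local and logged through `t.Logf("configuring %s manifest test", …)`, while `postgresPath` (hunk at -73) and `entPostgresPath` (hunk at -215) remain package-level and their tests still log a hard-coded file name with `t.Log`. If the package-level ones are shared by several tests, which these hunks do not show, keeping them at package scope is reasonable. Their log lines could still use the constant so that the logged name cannot drift from the file actually deployed, e.g. `t.Logf("configuring %s manifest test", postgresPath)`. A one-line comment on each constant saying that the path is relative to `test/e2e` and that the file is generated by the build script would also help. The test function bodies continue outside these hunks.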
diff --git a/test/e2e/konnect_test.go b/test/e2e/konnect_test.go index e52069acfc..f7a71f6f50 100644 --- a/test/e2e/konnect_test.go +++ b/test/e2e/konnect_test.go @@ -85,7 +85,7 @@ func TestKonnectLicenseActivation(t *testing.T) { cert, key := createClientCertificate(ctx, t, rgID) createKonnectClientSecretAndConfigMap(ctx, t, env, cert, key, rgID) - manifestFile := "../../deploy/single/all-in-one-dbless-konnect-enterprise.yaml" + const manifestFile = "manifests/all-in-one-dbless-konnect-enterprise.yaml" ManifestDeploy{Path: manifestFile}.Run(ctx, t, env) exposeAdminAPI(ctx, t, env, k8stypes.NamespacedName{Namespace: "kong", Name: "proxy-kong"}) @@ -167,7 +167,7 @@ func skipIfMissingRequiredKonnectEnvVariables(t *testing.T) { // deployAllInOneKonnectManifest deploys all-in-one-dbless-konnect.yaml manifest, replacing the controller image // if specified by environment variables. func deployAllInOneKonnectManifest(ctx context.Context, t *testing.T, env environment.Environment) Deployments { - const manifestFile = "../../deploy/single/all-in-one-dbless-konnect.yaml" + const manifestFile = "manifests/all-in-one-dbless-konnect.yaml" t.Logf("deploying %s manifest file", manifestFile) return ManifestDeploy{Path: manifestFile}.Run(ctx, t, env) diff --git a/test/e2e/manifests/all-in-one-dbless-k4k8s-enterprise.yaml b/test/e2e/manifests/all-in-one-dbless-k4k8s-enterprise.yaml new file mode 100644 index 0000000000..c8f4cfab8e --- /dev/null +++ b/test/e2e/manifests/all-in-one-dbless-k4k8s-enterprise.yaml 
@@ -0,0 +1,2257 @@ +# Generated by build-single-manifest.sh. NOT FOR PRODUCTION USE (only used internally for testing). DO NOT EDIT. + +apiVersion: v1 +kind: Namespace +metadata: + name: kong +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ingressclassparameterses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: IngressClassParameters + listKind: IngressClassParametersList + plural: ingressclassparameterses + singular: ingressclassparameters + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressClassParameters is the Schema for the IngressClassParameters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the IngressClassParameters specification. + properties: + enableLegacyRegexDetection: + default: false + description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific + Ingress paths are regular expression paths using the legacy 2.x + heuristic. The controller adds the "~" prefix to those paths if + the Kong version is 3.0 or higher. + type: boolean + serviceUpstream: + default: false + description: Offload load-balancing to kube-proxy or sidecar. 
+ type: boolean + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongclusterplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongClusterPlugin + listKind: KongClusterPluginList + plural: kongclusterplugins + shortNames: + - kcp + singular: kongclusterplugin + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongClusterPlugin is the Schema for the kongclusterplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongClusterPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongClusterPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret + to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongClusterPlugin + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongClusterPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumergroups.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumerGroup + listKind: KongConsumerGroupList + plural: kongconsumergroups + shortNames: + - kcg + singular: kongconsumergroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KongConsumerGroup is the Schema for the kongconsumergroups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumerGroup. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumers.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumer + listKind: KongConsumerList + plural: kongconsumers + shortNames: + - kc + singular: kongconsumer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username of a Kong Consumer + jsonPath: .username + name: Username + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongConsumer is the Schema for the kongconsumers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + consumerGroups: + description: ConsumerGroups are references to consumer groups (that consumer + wants to be part of) provisioned in Kong. 
+ items: + type: string + type: array + credentials: + description: Credentials are references to secrets containing a credential + to be provisioned in Kong. + items: + type: string + type: array + custom_id: + description: CustomID is a Kong cluster-unique existing ID for the consumer + - useful for mapping Kong with users in your existing database. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumer. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + username: + description: Username is a Kong cluster-unique username of the consumer. + type: string + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongIngress + listKind: KongIngressList + plural: kongingresses + shortNames: + - ki + singular: kongingress + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KongIngress is the Schema for the kongingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + proxy: + description: Proxy defines additional connection options for the routes + to be configured in the Kong Gateway, e.g. 
`connection_timeout`, `retries`, + etc. + properties: + connect_timeout: + description: "The timeout in milliseconds for\testablishing a connection + to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" + annotation instead." + minimum: 0 + type: integer + path: + description: '(optional) The path to be used in requests to the upstream + server. Deprecated: use Service''s "konghq.com/path" annotation + instead.' + pattern: ^/.*$ + type: string + protocol: + description: 'The protocol used to communicate with the upstream. + Deprecated: use Service''s "konghq.com/protocol" annotation instead.' + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + read_timeout: + description: 'The timeout in milliseconds between two successive read + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/read-timeout" annotation instead.' + minimum: 0 + type: integer + retries: + description: 'The number of retries to execute upon failure to proxy. + Deprecated: use Service''s "konghq.com/retries" annotation instead.' + minimum: 0 + type: integer + write_timeout: + description: 'The timeout in milliseconds between two successive write + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/write-timeout" annotation instead.' + minimum: 0 + type: integer + type: object + route: + description: Route define rules to match client requests. Each Route is + associated with a Service, and a Service may have multiple Routes associated + to it. + properties: + headers: + additionalProperties: + items: + type: string + type: array + description: 'Headers contains one or more lists of values indexed + by header name that will cause this Route to match if present in + the request. The Host header cannot be used with this attribute. + Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' 
+ type: object + https_redirect_status_code: + description: 'HTTPSRedirectStatusCode is the status code Kong responds + with when all properties of a Route match except the protocol. Deprecated: + use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" + annotations instead.' + type: integer + methods: + description: 'Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' + items: + type: string + type: array + path_handling: + description: 'PathHandling controls how the Service path, Route path + and requested path are combined when sending a request to the upstream. + Deprecated: use Ingress'' "konghq.com/path-handling" annotation + instead.' + enum: + - v0 + - v1 + type: string + preserve_host: + description: 'PreserveHost sets When matching a Route via one of the + hosts domain names, use the request Host header in the upstream + request headers. If set to false, the upstream Host header will + be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" + annotation instead.' + type: boolean + protocols: + description: 'Protocols is an array of the protocols this Route should + allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation + instead.' + items: + description: KongProtocol is a valid Kong protocol. This alias is + necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + regex_priority: + description: 'RegexPriority is a number used to choose which route + resolves a given request when several routes match it using regexes + simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" + annotation instead.' + type: integer + request_buffering: + description: 'RequestBuffering sets whether to enable request body + buffering or not. 
Deprecated: use Ingress'' "konghq.com/request-buffering" + annotation instead.' + type: boolean + response_buffering: + description: 'ResponseBuffering sets whether to enable response body + buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" + annotation instead.' + type: boolean + snis: + description: 'SNIs is a list of SNIs that match this Route when using + stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation + instead.' + items: + type: string + type: array + strip_path: + description: 'StripPath sets When matching a Route via one of the + paths strip the matching prefix from the upstream request URL. Deprecated: + use Ingress'' "konghq.com/strip-path" annotation instead.' + type: boolean + type: object + upstream: + description: Upstream represents a virtual hostname and can be used to + loadbalance incoming requests over multiple targets (e.g. Kubernetes + `Services` can be a target, OR `Endpoints` can be targets). + properties: + algorithm: + description: 'Algorithm is the load balancing algorithm to use. Accepted + values are: "round-robin", "consistent-hashing", "least-connections", + "latency".' + enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hash_fallback: + description: 'HashFallback defines What to use as hashing input if + the primary hash_on does not return a hash. Accepted values are: + "none", "consumer", "ip", "header", "cookie".' + type: string + hash_fallback_header: + description: HashFallbackHeader is the header name to take the value + from as hash input. Only required when "hash_fallback" is set to + "header". + type: string + hash_fallback_query_arg: + description: HashFallbackQueryArg is the "hash_fallback" version of + HashOnQueryArg. + type: string + hash_fallback_uri_capture: + description: HashFallbackURICapture is the "hash_fallback" version + of HashOnURICapture. 
+ type: string + hash_on: + description: 'HashOn defines what to use as hashing input. Accepted + values are: "none", "consumer", "ip", "header", "cookie", "path", + "query_arg", "uri_capture".' + type: string + hash_on_cookie: + description: The cookie name to take the value from as hash input. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_cookie_path: + description: The cookie path to set in the response headers. Only + required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_header: + description: HashOnHeader defines the header name to take the value + from as hash input. Only required when "hash_on" is set to "header". + type: string + hash_on_query_arg: + description: HashOnQueryArg is the query string parameter whose value + is the hash input when "hash_on" is set to "query_arg". + type: string + hash_on_uri_capture: + description: HashOnURICapture is the name of the capture group whose + value is the hash input when "hash_on" is set to "uri_capture". + type: string + healthchecks: + description: Healthchecks defines the health check configurations + in Kong. + properties: + active: + description: ActiveHealthcheck configures active health check + probing. + properties: + concurrency: + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + type: object + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + http_path: + pattern: ^/.*$ + type: string + https_sni: + type: string + https_verify_certificate: + type: boolean + timeout: + minimum: 0 + type: integer + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. 
+ properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + passive: + description: PassiveHealthcheck configures passive checks around + passive health checks. + properties: + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. + properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + threshold: + type: number + type: object + host_header: + description: HostHeader is The hostname to be used as Host header + when proxying requests through Kong. + type: string + slots: + description: Slots is the number of slots in the load balancer algorithm. 
+ minimum: 10 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongPlugin + listKind: KongPluginList + plural: kongplugins + shortNames: + - kp + singular: kongplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongPlugin is the Schema for the kongplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The + namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: tcpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: TCPIngress + listKind: TCPIngressList + plural: tcpingresses + singular: tcpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TCPIngress is the Schema for the tcpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the TCPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: IngressRule represents a rule to apply against incoming + requests. Matching is performed based on an (optional) SNI and + port. + properties: + backend: + description: Backend defines the referenced service endpoint + to which the traffic will be forwarded to. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + host: + description: Host is the fully qualified domain name of a network + host, as defined by RFC 3986. If a Host is not specified, + then port-based TCP routing is performed. Kong doesn't care + about the content of the TCP stream in this case. If a Host + is specified, the protocol must be TLS over TCP. A plain-text + TCP request cannot be routed based on Host. It can only be + routed based on Port. + type: string + port: + description: Port is the port on which to accept TCP or TLS + over TCP sessions and route. It is a required field. If a + Host is not specified, the requested are routed based only + on Port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + tls: + description: TLS configuration. This is similar to the `tls` section + in the Ingress resource in networking.v1beta1 group. The mapping + of SNIs to TLS cert-key pair defined here will be used for HTTP + Ingress rules as well. 
Once can define the mapping in this resource + or the original Ingress resource, both have the same effect. + items: + description: IngressTLS describes the transport layer security. + properties: + hosts: + description: Hosts are a list of hosts included in the TLS certificate. + The values in this list must match the name/s used in the + tlsSecret. Defaults to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to terminate + SSL traffic. + type: string + type: object + type: array + type: object + status: + description: TCPIngressStatus defines the observed state of TCPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' 
+ properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: udpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: UDPIngress + listKind: UDPIngressList + plural: udpingresses + singular: udpingress + scope: Namespaced 
+ versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: UDPIngress is the Schema for the udpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the UDPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: UDPIngressRule represents a rule to apply against incoming + requests wherein no Host matching is available for request routing, + only the port is used to match requests. + properties: + backend: + description: Backend defines the Kubernetes service which accepts + traffic from the listening Port defined above. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. 
+ format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + port: + description: Port indicates the port for the Kong proxy to accept + incoming traffic on, which will then be routed to the service + Backend. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + type: object + status: + description: UDPIngressStatus defines the observed state of UDPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kong-leader-election + namespace: kong +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - 
ingressclassparameterses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - 
networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-crds +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + verbs: + - get + - list + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - tlsroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - 
tlsroutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes/status + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kong-leader-election + namespace: kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kong-leader-election +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-crds +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-crds +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-gateway +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-admin + namespace: kong +spec: + clusterIP: None + ports: + - name: admin + port: 8444 + protocol: TCP + targetPort: 8444 + selector: + app: proxy-kong +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-type: nlb + name: kong-proxy + namespace: kong +spec: + ports: + - name: proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: proxy-ssl + port: 443 + protocol: TCP + targetPort: 8443 + selector: + 
app: proxy-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-validation-webhook + namespace: kong +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app: ingress-kong +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ingress-kong + name: ingress-kong + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: ingress-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: ingress-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: CONTROLLER_KONG_ADMIN_SVC + value: kong/kong-admin + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_PUBLISH_SERVICE + value: kong/kong-proxy + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: kong/kubernetes-ingress-controller:2.12 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kong-serviceaccount-token + readOnly: true + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + 
- configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-kong + name: proxy-kong + namespace: kong +spec: + replicas: 2 + selector: + matchLabels: + app: proxy-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: proxy-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_LICENSE_DATA + valueFrom: + secretKeyRef: + key: license + name: kong-enterprise-license + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport + backlog=16384 + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100 + - name: KONG_DATABASE + value: "off" + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_KIC + value: "on" + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + image: kong/kong-gateway:3.4 + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - kong quit + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-ssl + protocol: TCP + - containerPort: 8100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: 8100 + scheme: HTTP + 
initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + imagePullSecrets: + - name: kong-enterprise-edition-docker + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: kong +spec: + controller: ingress-controllers.konghq.com/kong diff --git a/test/e2e/manifests/all-in-one-dbless-konnect-enterprise.yaml b/test/e2e/manifests/all-in-one-dbless-konnect-enterprise.yaml new file mode 100644 index 0000000000..3e35cd7f18 --- /dev/null +++ b/test/e2e/manifests/all-in-one-dbless-konnect-enterprise.yaml 
@@ -0,0 +1,2265 @@ +# Generated by build-single-manifest.sh. NOT FOR PRODUCTION USE (only used internally for testing). DO NOT EDIT. + +apiVersion: v1 +kind: Namespace +metadata: + name: kong +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ingressclassparameterses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: IngressClassParameters + listKind: IngressClassParametersList + plural: ingressclassparameterses + singular: ingressclassparameters + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressClassParameters is the Schema for the IngressClassParameters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the IngressClassParameters specification. + properties: + enableLegacyRegexDetection: + default: false + description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific + Ingress paths are regular expression paths using the legacy 2.x + heuristic. The controller adds the "~" prefix to those paths if + the Kong version is 3.0 or higher. + type: boolean + serviceUpstream: + default: false + description: Offload load-balancing to kube-proxy or sidecar. 
+ type: boolean + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongclusterplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongClusterPlugin + listKind: KongClusterPluginList + plural: kongclusterplugins + shortNames: + - kcp + singular: kongclusterplugin + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongClusterPlugin is the Schema for the kongclusterplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongClusterPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongClusterPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret + to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongClusterPlugin + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongClusterPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumergroups.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumerGroup + listKind: KongConsumerGroupList + plural: kongconsumergroups + shortNames: + - kcg + singular: kongconsumergroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KongConsumerGroup is the Schema for the kongconsumergroups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumerGroup. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumers.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumer + listKind: KongConsumerList + plural: kongconsumers + shortNames: + - kc + singular: kongconsumer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username of a Kong Consumer + jsonPath: .username + name: Username + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongConsumer is the Schema for the kongconsumers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + consumerGroups: + description: ConsumerGroups are references to consumer groups (that consumer + wants to be part of) provisioned in Kong. 
+ items: + type: string + type: array + credentials: + description: Credentials are references to secrets containing a credential + to be provisioned in Kong. + items: + type: string + type: array + custom_id: + description: CustomID is a Kong cluster-unique existing ID for the consumer + - useful for mapping Kong with users in your existing database. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumer. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + username: + description: Username is a Kong cluster-unique username of the consumer. + type: string + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongIngress + listKind: KongIngressList + plural: kongingresses + shortNames: + - ki + singular: kongingress + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KongIngress is the Schema for the kongingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + proxy: + description: Proxy defines additional connection options for the routes + to be configured in the Kong Gateway, e.g. 
`connection_timeout`, `retries`, + etc. + properties: + connect_timeout: + description: "The timeout in milliseconds for\testablishing a connection + to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" + annotation instead." + minimum: 0 + type: integer + path: + description: '(optional) The path to be used in requests to the upstream + server. Deprecated: use Service''s "konghq.com/path" annotation + instead.' + pattern: ^/.*$ + type: string + protocol: + description: 'The protocol used to communicate with the upstream. + Deprecated: use Service''s "konghq.com/protocol" annotation instead.' + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + read_timeout: + description: 'The timeout in milliseconds between two successive read + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/read-timeout" annotation instead.' + minimum: 0 + type: integer + retries: + description: 'The number of retries to execute upon failure to proxy. + Deprecated: use Service''s "konghq.com/retries" annotation instead.' + minimum: 0 + type: integer + write_timeout: + description: 'The timeout in milliseconds between two successive write + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/write-timeout" annotation instead.' + minimum: 0 + type: integer + type: object + route: + description: Route define rules to match client requests. Each Route is + associated with a Service, and a Service may have multiple Routes associated + to it. + properties: + headers: + additionalProperties: + items: + type: string + type: array + description: 'Headers contains one or more lists of values indexed + by header name that will cause this Route to match if present in + the request. The Host header cannot be used with this attribute. + Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' 
+ type: object + https_redirect_status_code: + description: 'HTTPSRedirectStatusCode is the status code Kong responds + with when all properties of a Route match except the protocol. Deprecated: + use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" + annotations instead.' + type: integer + methods: + description: 'Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' + items: + type: string + type: array + path_handling: + description: 'PathHandling controls how the Service path, Route path + and requested path are combined when sending a request to the upstream. + Deprecated: use Ingress'' "konghq.com/path-handling" annotation + instead.' + enum: + - v0 + - v1 + type: string + preserve_host: + description: 'PreserveHost sets When matching a Route via one of the + hosts domain names, use the request Host header in the upstream + request headers. If set to false, the upstream Host header will + be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" + annotation instead.' + type: boolean + protocols: + description: 'Protocols is an array of the protocols this Route should + allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation + instead.' + items: + description: KongProtocol is a valid Kong protocol. This alias is + necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + regex_priority: + description: 'RegexPriority is a number used to choose which route + resolves a given request when several routes match it using regexes + simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" + annotation instead.' + type: integer + request_buffering: + description: 'RequestBuffering sets whether to enable request body + buffering or not. 
Deprecated: use Ingress'' "konghq.com/request-buffering" + annotation instead.' + type: boolean + response_buffering: + description: 'ResponseBuffering sets whether to enable response body + buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" + annotation instead.' + type: boolean + snis: + description: 'SNIs is a list of SNIs that match this Route when using + stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation + instead.' + items: + type: string + type: array + strip_path: + description: 'StripPath sets When matching a Route via one of the + paths strip the matching prefix from the upstream request URL. Deprecated: + use Ingress'' "konghq.com/strip-path" annotation instead.' + type: boolean + type: object + upstream: + description: Upstream represents a virtual hostname and can be used to + loadbalance incoming requests over multiple targets (e.g. Kubernetes + `Services` can be a target, OR `Endpoints` can be targets). + properties: + algorithm: + description: 'Algorithm is the load balancing algorithm to use. Accepted + values are: "round-robin", "consistent-hashing", "least-connections", + "latency".' + enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hash_fallback: + description: 'HashFallback defines What to use as hashing input if + the primary hash_on does not return a hash. Accepted values are: + "none", "consumer", "ip", "header", "cookie".' + type: string + hash_fallback_header: + description: HashFallbackHeader is the header name to take the value + from as hash input. Only required when "hash_fallback" is set to + "header". + type: string + hash_fallback_query_arg: + description: HashFallbackQueryArg is the "hash_fallback" version of + HashOnQueryArg. + type: string + hash_fallback_uri_capture: + description: HashFallbackURICapture is the "hash_fallback" version + of HashOnURICapture. 
+ type: string + hash_on: + description: 'HashOn defines what to use as hashing input. Accepted + values are: "none", "consumer", "ip", "header", "cookie", "path", + "query_arg", "uri_capture".' + type: string + hash_on_cookie: + description: The cookie name to take the value from as hash input. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_cookie_path: + description: The cookie path to set in the response headers. Only + required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_header: + description: HashOnHeader defines the header name to take the value + from as hash input. Only required when "hash_on" is set to "header". + type: string + hash_on_query_arg: + description: HashOnQueryArg is the query string parameter whose value + is the hash input when "hash_on" is set to "query_arg". + type: string + hash_on_uri_capture: + description: HashOnURICapture is the name of the capture group whose + value is the hash input when "hash_on" is set to "uri_capture". + type: string + healthchecks: + description: Healthchecks defines the health check configurations + in Kong. + properties: + active: + description: ActiveHealthcheck configures active health check + probing. + properties: + concurrency: + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + type: object + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + http_path: + pattern: ^/.*$ + type: string + https_sni: + type: string + https_verify_certificate: + type: boolean + timeout: + minimum: 0 + type: integer + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. 
+ properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + passive: + description: PassiveHealthcheck configures passive checks around + passive health checks. + properties: + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. + properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + threshold: + type: number + type: object + host_header: + description: HostHeader is The hostname to be used as Host header + when proxying requests through Kong. + type: string + slots: + description: Slots is the number of slots in the load balancer algorithm. 
+ minimum: 10 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongPlugin + listKind: KongPluginList + plural: kongplugins + shortNames: + - kp + singular: kongplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongPlugin is the Schema for the kongplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The + namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: tcpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: TCPIngress + listKind: TCPIngressList + plural: tcpingresses + singular: tcpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TCPIngress is the Schema for the tcpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the TCPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: IngressRule represents a rule to apply against incoming + requests. Matching is performed based on an (optional) SNI and + port. + properties: + backend: + description: Backend defines the referenced service endpoint + to which the traffic will be forwarded to. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + host: + description: Host is the fully qualified domain name of a network + host, as defined by RFC 3986. If a Host is not specified, + then port-based TCP routing is performed. Kong doesn't care + about the content of the TCP stream in this case. If a Host + is specified, the protocol must be TLS over TCP. A plain-text + TCP request cannot be routed based on Host. It can only be + routed based on Port. + type: string + port: + description: Port is the port on which to accept TCP or TLS + over TCP sessions and route. It is a required field. If a + Host is not specified, the requested are routed based only + on Port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + tls: + description: TLS configuration. This is similar to the `tls` section + in the Ingress resource in networking.v1beta1 group. The mapping + of SNIs to TLS cert-key pair defined here will be used for HTTP + Ingress rules as well. 
Once can define the mapping in this resource + or the original Ingress resource, both have the same effect. + items: + description: IngressTLS describes the transport layer security. + properties: + hosts: + description: Hosts are a list of hosts included in the TLS certificate. + The values in this list must match the name/s used in the + tlsSecret. Defaults to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to terminate + SSL traffic. + type: string + type: object + type: array + type: object + status: + description: TCPIngressStatus defines the observed state of TCPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' 
+ properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: udpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: UDPIngress + listKind: UDPIngressList + plural: udpingresses + singular: udpingress + scope: Namespaced 
+ versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: UDPIngress is the Schema for the udpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the UDPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: UDPIngressRule represents a rule to apply against incoming + requests wherein no Host matching is available for request routing, + only the port is used to match requests. + properties: + backend: + description: Backend defines the Kubernetes service which accepts + traffic from the listening Port defined above. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. 
+ format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + port: + description: Port indicates the port for the Kong proxy to accept + incoming traffic on, which will then be routed to the service + Backend. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + type: object + status: + description: UDPIngressStatus defines the observed state of UDPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kong-leader-election + namespace: kong +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - 
ingressclassparameterses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - 
networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-crds +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + verbs: + - get + - list + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - tlsroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - 
tlsroutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes/status + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kong-leader-election + namespace: kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kong-leader-election +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-crds +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-crds +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-gateway +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-admin + namespace: kong +spec: + clusterIP: None + ports: + - name: admin + port: 8444 + protocol: TCP + targetPort: 8444 + selector: + app: proxy-kong +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-type: nlb + name: kong-proxy + namespace: kong +spec: + ports: + - name: proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: proxy-ssl + port: 443 + protocol: TCP + targetPort: 8443 + selector: + 
app: proxy-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-validation-webhook + namespace: kong +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app: ingress-kong +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ingress-kong + name: ingress-kong + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: ingress-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: ingress-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: CONTROLLER_KONNECT_SYNC_ENABLED + value: "true" + - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT + valueFrom: + secretKeyRef: + key: tls.crt + name: konnect-client-tls + - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY + valueFrom: + secretKeyRef: + key: tls.key + name: konnect-client-tls + - name: CONTROLLER_KONG_ADMIN_SVC + value: kong/kong-admin + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_PUBLISH_SERVICE + value: kong/kong-proxy + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: konnect-config + image: kong/kubernetes-ingress-controller:2.12 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + 
successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kong-serviceaccount-token + readOnly: true + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-kong + name: proxy-kong + namespace: kong +spec: + replicas: 2 + selector: + matchLabels: + app: proxy-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: proxy-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport + backlog=16384 + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100 + - name: KONG_DATABASE + value: "off" + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_KIC + value: "on" + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + image: kong/kong-gateway:3.4 + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - kong quit + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: proxy + ports: + - containerPort: 8000 + name: proxy + 
protocol: TCP + - containerPort: 8443 + name: proxy-ssl + protocol: TCP + - containerPort: 8100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: kong +spec: + controller: ingress-controllers.konghq.com/kong diff --git a/test/e2e/manifests/all-in-one-dbless-konnect.yaml b/test/e2e/manifests/all-in-one-dbless-konnect.yaml new file mode 100644 index 0000000000..377c99f523 --- /dev/null +++ b/test/e2e/manifests/all-in-one-dbless-konnect.yaml 
@@ -0,0 +1,2267 @@ +# Generated by build-single-manifest.sh. NOT FOR PRODUCTION USE (only used internally for testing). DO NOT EDIT. + +apiVersion: v1 +kind: Namespace +metadata: + name: kong +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ingressclassparameterses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: IngressClassParameters + listKind: IngressClassParametersList + plural: ingressclassparameterses + singular: ingressclassparameters + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressClassParameters is the Schema for the IngressClassParameters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the IngressClassParameters specification. + properties: + enableLegacyRegexDetection: + default: false + description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific + Ingress paths are regular expression paths using the legacy 2.x + heuristic. The controller adds the "~" prefix to those paths if + the Kong version is 3.0 or higher. + type: boolean + serviceUpstream: + default: false + description: Offload load-balancing to kube-proxy or sidecar. 
+ type: boolean + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongclusterplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongClusterPlugin + listKind: KongClusterPluginList + plural: kongclusterplugins + shortNames: + - kcp + singular: kongclusterplugin + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongClusterPlugin is the Schema for the kongclusterplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongClusterPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongClusterPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret + to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongClusterPlugin + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongClusterPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumergroups.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumerGroup + listKind: KongConsumerGroupList + plural: kongconsumergroups + shortNames: + - kcg + singular: kongconsumergroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KongConsumerGroup is the Schema for the kongconsumergroups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumerGroup. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumers.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumer + listKind: KongConsumerList + plural: kongconsumers + shortNames: + - kc + singular: kongconsumer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username of a Kong Consumer + jsonPath: .username + name: Username + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongConsumer is the Schema for the kongconsumers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + consumerGroups: + description: ConsumerGroups are references to consumer groups (that consumer + wants to be part of) provisioned in Kong. 
+ items: + type: string + type: array + credentials: + description: Credentials are references to secrets containing a credential + to be provisioned in Kong. + items: + type: string + type: array + custom_id: + description: CustomID is a Kong cluster-unique existing ID for the consumer + - useful for mapping Kong with users in your existing database. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumer. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + username: + description: Username is a Kong cluster-unique username of the consumer. + type: string + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongIngress + listKind: KongIngressList + plural: kongingresses + shortNames: + - ki + singular: kongingress + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KongIngress is the Schema for the kongingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + proxy: + description: Proxy defines additional connection options for the routes + to be configured in the Kong Gateway, e.g. 
`connection_timeout`, `retries`, + etc. + properties: + connect_timeout: + description: "The timeout in milliseconds for\testablishing a connection + to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" + annotation instead." + minimum: 0 + type: integer + path: + description: '(optional) The path to be used in requests to the upstream + server. Deprecated: use Service''s "konghq.com/path" annotation + instead.' + pattern: ^/.*$ + type: string + protocol: + description: 'The protocol used to communicate with the upstream. + Deprecated: use Service''s "konghq.com/protocol" annotation instead.' + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + read_timeout: + description: 'The timeout in milliseconds between two successive read + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/read-timeout" annotation instead.' + minimum: 0 + type: integer + retries: + description: 'The number of retries to execute upon failure to proxy. + Deprecated: use Service''s "konghq.com/retries" annotation instead.' + minimum: 0 + type: integer + write_timeout: + description: 'The timeout in milliseconds between two successive write + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/write-timeout" annotation instead.' + minimum: 0 + type: integer + type: object + route: + description: Route define rules to match client requests. Each Route is + associated with a Service, and a Service may have multiple Routes associated + to it. + properties: + headers: + additionalProperties: + items: + type: string + type: array + description: 'Headers contains one or more lists of values indexed + by header name that will cause this Route to match if present in + the request. The Host header cannot be used with this attribute. + Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' 
+ type: object + https_redirect_status_code: + description: 'HTTPSRedirectStatusCode is the status code Kong responds + with when all properties of a Route match except the protocol. Deprecated: + use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" + annotations instead.' + type: integer + methods: + description: 'Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' + items: + type: string + type: array + path_handling: + description: 'PathHandling controls how the Service path, Route path + and requested path are combined when sending a request to the upstream. + Deprecated: use Ingress'' "konghq.com/path-handling" annotation + instead.' + enum: + - v0 + - v1 + type: string + preserve_host: + description: 'PreserveHost sets When matching a Route via one of the + hosts domain names, use the request Host header in the upstream + request headers. If set to false, the upstream Host header will + be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" + annotation instead.' + type: boolean + protocols: + description: 'Protocols is an array of the protocols this Route should + allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation + instead.' + items: + description: KongProtocol is a valid Kong protocol. This alias is + necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + regex_priority: + description: 'RegexPriority is a number used to choose which route + resolves a given request when several routes match it using regexes + simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" + annotation instead.' + type: integer + request_buffering: + description: 'RequestBuffering sets whether to enable request body + buffering or not. 
Deprecated: use Ingress'' "konghq.com/request-buffering" + annotation instead.' + type: boolean + response_buffering: + description: 'ResponseBuffering sets whether to enable response body + buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" + annotation instead.' + type: boolean + snis: + description: 'SNIs is a list of SNIs that match this Route when using + stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation + instead.' + items: + type: string + type: array + strip_path: + description: 'StripPath sets When matching a Route via one of the + paths strip the matching prefix from the upstream request URL. Deprecated: + use Ingress'' "konghq.com/strip-path" annotation instead.' + type: boolean + type: object + upstream: + description: Upstream represents a virtual hostname and can be used to + loadbalance incoming requests over multiple targets (e.g. Kubernetes + `Services` can be a target, OR `Endpoints` can be targets). + properties: + algorithm: + description: 'Algorithm is the load balancing algorithm to use. Accepted + values are: "round-robin", "consistent-hashing", "least-connections", + "latency".' + enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hash_fallback: + description: 'HashFallback defines What to use as hashing input if + the primary hash_on does not return a hash. Accepted values are: + "none", "consumer", "ip", "header", "cookie".' + type: string + hash_fallback_header: + description: HashFallbackHeader is the header name to take the value + from as hash input. Only required when "hash_fallback" is set to + "header". + type: string + hash_fallback_query_arg: + description: HashFallbackQueryArg is the "hash_fallback" version of + HashOnQueryArg. + type: string + hash_fallback_uri_capture: + description: HashFallbackURICapture is the "hash_fallback" version + of HashOnURICapture. 
+ type: string + hash_on: + description: 'HashOn defines what to use as hashing input. Accepted + values are: "none", "consumer", "ip", "header", "cookie", "path", + "query_arg", "uri_capture".' + type: string + hash_on_cookie: + description: The cookie name to take the value from as hash input. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_cookie_path: + description: The cookie path to set in the response headers. Only + required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_header: + description: HashOnHeader defines the header name to take the value + from as hash input. Only required when "hash_on" is set to "header". + type: string + hash_on_query_arg: + description: HashOnQueryArg is the query string parameter whose value + is the hash input when "hash_on" is set to "query_arg". + type: string + hash_on_uri_capture: + description: HashOnURICapture is the name of the capture group whose + value is the hash input when "hash_on" is set to "uri_capture". + type: string + healthchecks: + description: Healthchecks defines the health check configurations + in Kong. + properties: + active: + description: ActiveHealthcheck configures active health check + probing. + properties: + concurrency: + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + type: object + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + http_path: + pattern: ^/.*$ + type: string + https_sni: + type: string + https_verify_certificate: + type: boolean + timeout: + minimum: 0 + type: integer + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. 
+ properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + passive: + description: PassiveHealthcheck configures passive checks around + passive health checks. + properties: + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. + properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + threshold: + type: number + type: object + host_header: + description: HostHeader is The hostname to be used as Host header + when proxying requests through Kong. + type: string + slots: + description: Slots is the number of slots in the load balancer algorithm. 
+ minimum: 10 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongPlugin + listKind: KongPluginList + plural: kongplugins + shortNames: + - kp + singular: kongplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongPlugin is the Schema for the kongplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The + namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: tcpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: TCPIngress + listKind: TCPIngressList + plural: tcpingresses + singular: tcpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TCPIngress is the Schema for the tcpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the TCPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: IngressRule represents a rule to apply against incoming + requests. Matching is performed based on an (optional) SNI and + port. + properties: + backend: + description: Backend defines the referenced service endpoint + to which the traffic will be forwarded to. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + host: + description: Host is the fully qualified domain name of a network + host, as defined by RFC 3986. If a Host is not specified, + then port-based TCP routing is performed. Kong doesn't care + about the content of the TCP stream in this case. If a Host + is specified, the protocol must be TLS over TCP. A plain-text + TCP request cannot be routed based on Host. It can only be + routed based on Port. + type: string + port: + description: Port is the port on which to accept TCP or TLS + over TCP sessions and route. It is a required field. If a + Host is not specified, the requested are routed based only + on Port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + tls: + description: TLS configuration. This is similar to the `tls` section + in the Ingress resource in networking.v1beta1 group. The mapping + of SNIs to TLS cert-key pair defined here will be used for HTTP + Ingress rules as well. 
Once can define the mapping in this resource + or the original Ingress resource, both have the same effect. + items: + description: IngressTLS describes the transport layer security. + properties: + hosts: + description: Hosts are a list of hosts included in the TLS certificate. + The values in this list must match the name/s used in the + tlsSecret. Defaults to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to terminate + SSL traffic. + type: string + type: object + type: array + type: object + status: + description: TCPIngressStatus defines the observed state of TCPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' 
+ properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: udpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: UDPIngress + listKind: UDPIngressList + plural: udpingresses + singular: udpingress + scope: Namespaced 
+ versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: UDPIngress is the Schema for the udpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the UDPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: UDPIngressRule represents a rule to apply against incoming + requests wherein no Host matching is available for request routing, + only the port is used to match requests. + properties: + backend: + description: Backend defines the Kubernetes service which accepts + traffic from the listening Port defined above. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. 
+ format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + port: + description: Port indicates the port for the Kong proxy to accept + incoming traffic on, which will then be routed to the service + Backend. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + type: object + status: + description: UDPIngressStatus defines the observed state of UDPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kong-leader-election + namespace: kong +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - 
ingressclassparameterses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - 
networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-crds +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + verbs: + - get + - list + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - tlsroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - 
tlsroutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes/status + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kong-leader-election + namespace: kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kong-leader-election +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-crds +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-crds +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-gateway +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-admin + namespace: kong +spec: + clusterIP: None + ports: + - name: admin + port: 8444 + protocol: TCP + targetPort: 8444 + selector: + app: proxy-kong +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-type: nlb + name: kong-proxy + namespace: kong +spec: + ports: + - name: proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: proxy-ssl + port: 443 + protocol: TCP + targetPort: 8443 + selector: + 
app: proxy-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-validation-webhook + namespace: kong +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app: ingress-kong +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ingress-kong + name: ingress-kong + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: ingress-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.kuma.io/exclude-outbound-ports: "8444" + traffic.sidecar.istio.io/excludeOutboundPorts: "8444" + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: ingress-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: CONTROLLER_KONNECT_SYNC_ENABLED + value: "true" + - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT + valueFrom: + secretKeyRef: + key: tls.crt + name: konnect-client-tls + - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY + valueFrom: + secretKeyRef: + key: tls.key + name: konnect-client-tls + - name: CONTROLLER_KONG_ADMIN_SVC + value: kong/kong-admin + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_PUBLISH_SERVICE + value: kong/kong-proxy + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: konnect-config + image: kong/kubernetes-ingress-controller:2.12 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + 
httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kong-serviceaccount-token + readOnly: true + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-kong + name: proxy-kong + namespace: kong +spec: + replicas: 2 + selector: + matchLabels: + app: proxy-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: proxy-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport + backlog=16384 + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100 + - name: KONG_DATABASE + value: "off" + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_KIC + value: "on" + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + image: kong:3.4 + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - kong quit + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + 
timeoutSeconds: 1 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-ssl + protocol: TCP + - containerPort: 8100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: kong +spec: + controller: ingress-controllers.konghq.com/kong diff --git a/test/e2e/manifests/all-in-one-dbless.yaml b/test/e2e/manifests/all-in-one-dbless.yaml new file mode 100644 index 0000000000..4f853d9637 --- /dev/null +++ b/test/e2e/manifests/all-in-one-dbless.yaml 
@@ -0,0 +1,2252 @@ +# Generated by build-single-manifest.sh. NOT FOR PRODUCTION USE (only used internally for testing). DO NOT EDIT. + +apiVersion: v1 +kind: Namespace +metadata: + name: kong +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ingressclassparameterses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: IngressClassParameters + listKind: IngressClassParametersList + plural: ingressclassparameterses + singular: ingressclassparameters + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressClassParameters is the Schema for the IngressClassParameters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the IngressClassParameters specification. + properties: + enableLegacyRegexDetection: + default: false + description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific + Ingress paths are regular expression paths using the legacy 2.x + heuristic. The controller adds the "~" prefix to those paths if + the Kong version is 3.0 or higher. + type: boolean + serviceUpstream: + default: false + description: Offload load-balancing to kube-proxy or sidecar. 
+ type: boolean + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongclusterplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongClusterPlugin + listKind: KongClusterPluginList + plural: kongclusterplugins + shortNames: + - kcp + singular: kongclusterplugin + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongClusterPlugin is the Schema for the kongclusterplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongClusterPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongClusterPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret + to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongClusterPlugin + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongClusterPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumergroups.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumerGroup + listKind: KongConsumerGroupList + plural: kongconsumergroups + shortNames: + - kcg + singular: kongconsumergroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KongConsumerGroup is the Schema for the kongconsumergroups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumerGroup. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumers.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumer + listKind: KongConsumerList + plural: kongconsumers + shortNames: + - kc + singular: kongconsumer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username of a Kong Consumer + jsonPath: .username + name: Username + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongConsumer is the Schema for the kongconsumers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + consumerGroups: + description: ConsumerGroups are references to consumer groups (that consumer + wants to be part of) provisioned in Kong. 
+ items: + type: string + type: array + credentials: + description: Credentials are references to secrets containing a credential + to be provisioned in Kong. + items: + type: string + type: array + custom_id: + description: CustomID is a Kong cluster-unique existing ID for the consumer + - useful for mapping Kong with users in your existing database. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumer. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + username: + description: Username is a Kong cluster-unique username of the consumer. + type: string + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongIngress + listKind: KongIngressList + plural: kongingresses + shortNames: + - ki + singular: kongingress + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KongIngress is the Schema for the kongingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + proxy: + description: Proxy defines additional connection options for the routes + to be configured in the Kong Gateway, e.g. 
`connection_timeout`, `retries`, + etc. + properties: + connect_timeout: + description: "The timeout in milliseconds for\testablishing a connection + to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" + annotation instead." + minimum: 0 + type: integer + path: + description: '(optional) The path to be used in requests to the upstream + server. Deprecated: use Service''s "konghq.com/path" annotation + instead.' + pattern: ^/.*$ + type: string + protocol: + description: 'The protocol used to communicate with the upstream. + Deprecated: use Service''s "konghq.com/protocol" annotation instead.' + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + read_timeout: + description: 'The timeout in milliseconds between two successive read + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/read-timeout" annotation instead.' + minimum: 0 + type: integer + retries: + description: 'The number of retries to execute upon failure to proxy. + Deprecated: use Service''s "konghq.com/retries" annotation instead.' + minimum: 0 + type: integer + write_timeout: + description: 'The timeout in milliseconds between two successive write + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/write-timeout" annotation instead.' + minimum: 0 + type: integer + type: object + route: + description: Route define rules to match client requests. Each Route is + associated with a Service, and a Service may have multiple Routes associated + to it. + properties: + headers: + additionalProperties: + items: + type: string + type: array + description: 'Headers contains one or more lists of values indexed + by header name that will cause this Route to match if present in + the request. The Host header cannot be used with this attribute. + Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' 
+ type: object + https_redirect_status_code: + description: 'HTTPSRedirectStatusCode is the status code Kong responds + with when all properties of a Route match except the protocol. Deprecated: + use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" + annotations instead.' + type: integer + methods: + description: 'Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' + items: + type: string + type: array + path_handling: + description: 'PathHandling controls how the Service path, Route path + and requested path are combined when sending a request to the upstream. + Deprecated: use Ingress'' "konghq.com/path-handling" annotation + instead.' + enum: + - v0 + - v1 + type: string + preserve_host: + description: 'PreserveHost sets When matching a Route via one of the + hosts domain names, use the request Host header in the upstream + request headers. If set to false, the upstream Host header will + be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" + annotation instead.' + type: boolean + protocols: + description: 'Protocols is an array of the protocols this Route should + allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation + instead.' + items: + description: KongProtocol is a valid Kong protocol. This alias is + necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + regex_priority: + description: 'RegexPriority is a number used to choose which route + resolves a given request when several routes match it using regexes + simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" + annotation instead.' + type: integer + request_buffering: + description: 'RequestBuffering sets whether to enable request body + buffering or not. 
Deprecated: use Ingress'' "konghq.com/request-buffering" + annotation instead.' + type: boolean + response_buffering: + description: 'ResponseBuffering sets whether to enable response body + buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" + annotation instead.' + type: boolean + snis: + description: 'SNIs is a list of SNIs that match this Route when using + stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation + instead.' + items: + type: string + type: array + strip_path: + description: 'StripPath sets When matching a Route via one of the + paths strip the matching prefix from the upstream request URL. Deprecated: + use Ingress'' "konghq.com/strip-path" annotation instead.' + type: boolean + type: object + upstream: + description: Upstream represents a virtual hostname and can be used to + loadbalance incoming requests over multiple targets (e.g. Kubernetes + `Services` can be a target, OR `Endpoints` can be targets). + properties: + algorithm: + description: 'Algorithm is the load balancing algorithm to use. Accepted + values are: "round-robin", "consistent-hashing", "least-connections", + "latency".' + enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hash_fallback: + description: 'HashFallback defines What to use as hashing input if + the primary hash_on does not return a hash. Accepted values are: + "none", "consumer", "ip", "header", "cookie".' + type: string + hash_fallback_header: + description: HashFallbackHeader is the header name to take the value + from as hash input. Only required when "hash_fallback" is set to + "header". + type: string + hash_fallback_query_arg: + description: HashFallbackQueryArg is the "hash_fallback" version of + HashOnQueryArg. + type: string + hash_fallback_uri_capture: + description: HashFallbackURICapture is the "hash_fallback" version + of HashOnURICapture. 
+ type: string + hash_on: + description: 'HashOn defines what to use as hashing input. Accepted + values are: "none", "consumer", "ip", "header", "cookie", "path", + "query_arg", "uri_capture".' + type: string + hash_on_cookie: + description: The cookie name to take the value from as hash input. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_cookie_path: + description: The cookie path to set in the response headers. Only + required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_header: + description: HashOnHeader defines the header name to take the value + from as hash input. Only required when "hash_on" is set to "header". + type: string + hash_on_query_arg: + description: HashOnQueryArg is the query string parameter whose value + is the hash input when "hash_on" is set to "query_arg". + type: string + hash_on_uri_capture: + description: HashOnURICapture is the name of the capture group whose + value is the hash input when "hash_on" is set to "uri_capture". + type: string + healthchecks: + description: Healthchecks defines the health check configurations + in Kong. + properties: + active: + description: ActiveHealthcheck configures active health check + probing. + properties: + concurrency: + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + type: object + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + http_path: + pattern: ^/.*$ + type: string + https_sni: + type: string + https_verify_certificate: + type: boolean + timeout: + minimum: 0 + type: integer + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. 
+ properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + passive: + description: PassiveHealthcheck configures passive checks around + passive health checks. + properties: + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. + properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + threshold: + type: number + type: object + host_header: + description: HostHeader is The hostname to be used as Host header + when proxying requests through Kong. + type: string + slots: + description: Slots is the number of slots in the load balancer algorithm. 
+ minimum: 10 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongPlugin + listKind: KongPluginList + plural: kongplugins + shortNames: + - kp + singular: kongplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongPlugin is the Schema for the kongplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The + namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: tcpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: TCPIngress + listKind: TCPIngressList + plural: tcpingresses + singular: tcpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TCPIngress is the Schema for the tcpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the TCPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: IngressRule represents a rule to apply against incoming + requests. Matching is performed based on an (optional) SNI and + port. + properties: + backend: + description: Backend defines the referenced service endpoint + to which the traffic will be forwarded to. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + host: + description: Host is the fully qualified domain name of a network + host, as defined by RFC 3986. If a Host is not specified, + then port-based TCP routing is performed. Kong doesn't care + about the content of the TCP stream in this case. If a Host + is specified, the protocol must be TLS over TCP. A plain-text + TCP request cannot be routed based on Host. It can only be + routed based on Port. + type: string + port: + description: Port is the port on which to accept TCP or TLS + over TCP sessions and route. It is a required field. If a + Host is not specified, the requested are routed based only + on Port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + tls: + description: TLS configuration. This is similar to the `tls` section + in the Ingress resource in networking.v1beta1 group. The mapping + of SNIs to TLS cert-key pair defined here will be used for HTTP + Ingress rules as well. 
Once can define the mapping in this resource + or the original Ingress resource, both have the same effect. + items: + description: IngressTLS describes the transport layer security. + properties: + hosts: + description: Hosts are a list of hosts included in the TLS certificate. + The values in this list must match the name/s used in the + tlsSecret. Defaults to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to terminate + SSL traffic. + type: string + type: object + type: array + type: object + status: + description: TCPIngressStatus defines the observed state of TCPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' 
+ properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: udpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: UDPIngress + listKind: UDPIngressList + plural: udpingresses + singular: udpingress + scope: Namespaced 
+ versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: UDPIngress is the Schema for the udpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the UDPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: UDPIngressRule represents a rule to apply against incoming + requests wherein no Host matching is available for request routing, + only the port is used to match requests. + properties: + backend: + description: Backend defines the Kubernetes service which accepts + traffic from the listening Port defined above. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. 
+ format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + port: + description: Port indicates the port for the Kong proxy to accept + incoming traffic on, which will then be routed to the service + Backend. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + type: object + status: + description: UDPIngressStatus defines the observed state of UDPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kong-leader-election + namespace: kong +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - 
ingressclassparameterses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - 
networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-crds +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + verbs: + - get + - list + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - tlsroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - 
tlsroutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes/status + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kong-leader-election + namespace: kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kong-leader-election +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-crds +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-crds +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-gateway +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-admin + namespace: kong +spec: + clusterIP: None + ports: + - name: admin + port: 8444 + protocol: TCP + targetPort: 8444 + selector: + app: proxy-kong +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-type: nlb + name: kong-proxy + namespace: kong +spec: + ports: + - name: proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: proxy-ssl + port: 443 + protocol: TCP + targetPort: 8443 + selector: + 
app: proxy-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-validation-webhook + namespace: kong +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app: ingress-kong +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ingress-kong + name: ingress-kong + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: ingress-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.kuma.io/exclude-outbound-ports: "8444" + traffic.sidecar.istio.io/excludeOutboundPorts: "8444" + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: ingress-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: CONTROLLER_KONG_ADMIN_SVC + value: kong/kong-admin + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_PUBLISH_SERVICE + value: kong/kong-proxy + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: kong/kubernetes-ingress-controller:2.12 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kong-serviceaccount-token + readOnly: true + serviceAccountName: kong-serviceaccount + volumes: + - name: 
kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-kong + name: proxy-kong + namespace: kong +spec: + replicas: 2 + selector: + matchLabels: + app: proxy-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: proxy-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport + backlog=16384 + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384 + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100 + - name: KONG_DATABASE + value: "off" + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_KIC + value: "on" + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + image: kong:3.4 + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - kong quit + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-ssl + protocol: TCP + - containerPort: 8100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: 8100 + scheme: HTTP + 
initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: kong +spec: + controller: ingress-controllers.konghq.com/kong diff --git a/test/e2e/manifests/all-in-one-postgres-enterprise.yaml b/test/e2e/manifests/all-in-one-postgres-enterprise.yaml new file mode 100644 index 0000000000..a7bca8403f --- /dev/null +++ b/test/e2e/manifests/all-in-one-postgres-enterprise.yaml 
@@ -0,0 +1,2382 @@ +# Generated by build-single-manifest.sh. NOT FOR PRODUCTION USE (only used internally for testing). DO NOT EDIT. + +apiVersion: v1 +kind: Namespace +metadata: + name: kong +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ingressclassparameterses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: IngressClassParameters + listKind: IngressClassParametersList + plural: ingressclassparameterses + singular: ingressclassparameters + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressClassParameters is the Schema for the IngressClassParameters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the IngressClassParameters specification. + properties: + enableLegacyRegexDetection: + default: false + description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific + Ingress paths are regular expression paths using the legacy 2.x + heuristic. The controller adds the "~" prefix to those paths if + the Kong version is 3.0 or higher. + type: boolean + serviceUpstream: + default: false + description: Offload load-balancing to kube-proxy or sidecar. 
+ type: boolean + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongclusterplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongClusterPlugin + listKind: KongClusterPluginList + plural: kongclusterplugins + shortNames: + - kcp + singular: kongclusterplugin + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongClusterPlugin is the Schema for the kongclusterplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongClusterPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongClusterPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret + to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongClusterPlugin + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongClusterPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumergroups.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumerGroup + listKind: KongConsumerGroupList + plural: kongconsumergroups + shortNames: + - kcg + singular: kongconsumergroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KongConsumerGroup is the Schema for the kongconsumergroups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumerGroup. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumers.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumer + listKind: KongConsumerList + plural: kongconsumers + shortNames: + - kc + singular: kongconsumer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username of a Kong Consumer + jsonPath: .username + name: Username + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongConsumer is the Schema for the kongconsumers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + consumerGroups: + description: ConsumerGroups are references to consumer groups (that consumer + wants to be part of) provisioned in Kong. 
+ items: + type: string + type: array + credentials: + description: Credentials are references to secrets containing a credential + to be provisioned in Kong. + items: + type: string + type: array + custom_id: + description: CustomID is a Kong cluster-unique existing ID for the consumer + - useful for mapping Kong with users in your existing database. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumer. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + username: + description: Username is a Kong cluster-unique username of the consumer. + type: string + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongIngress + listKind: KongIngressList + plural: kongingresses + shortNames: + - ki + singular: kongingress + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KongIngress is the Schema for the kongingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + proxy: + description: Proxy defines additional connection options for the routes + to be configured in the Kong Gateway, e.g. 
`connection_timeout`, `retries`, + etc. + properties: + connect_timeout: + description: "The timeout in milliseconds for\testablishing a connection + to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" + annotation instead." + minimum: 0 + type: integer + path: + description: '(optional) The path to be used in requests to the upstream + server. Deprecated: use Service''s "konghq.com/path" annotation + instead.' + pattern: ^/.*$ + type: string + protocol: + description: 'The protocol used to communicate with the upstream. + Deprecated: use Service''s "konghq.com/protocol" annotation instead.' + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + read_timeout: + description: 'The timeout in milliseconds between two successive read + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/read-timeout" annotation instead.' + minimum: 0 + type: integer + retries: + description: 'The number of retries to execute upon failure to proxy. + Deprecated: use Service''s "konghq.com/retries" annotation instead.' + minimum: 0 + type: integer + write_timeout: + description: 'The timeout in milliseconds between two successive write + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/write-timeout" annotation instead.' + minimum: 0 + type: integer + type: object + route: + description: Route define rules to match client requests. Each Route is + associated with a Service, and a Service may have multiple Routes associated + to it. + properties: + headers: + additionalProperties: + items: + type: string + type: array + description: 'Headers contains one or more lists of values indexed + by header name that will cause this Route to match if present in + the request. The Host header cannot be used with this attribute. + Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' 
+ type: object + https_redirect_status_code: + description: 'HTTPSRedirectStatusCode is the status code Kong responds + with when all properties of a Route match except the protocol. Deprecated: + use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" + annotations instead.' + type: integer + methods: + description: 'Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' + items: + type: string + type: array + path_handling: + description: 'PathHandling controls how the Service path, Route path + and requested path are combined when sending a request to the upstream. + Deprecated: use Ingress'' "konghq.com/path-handling" annotation + instead.' + enum: + - v0 + - v1 + type: string + preserve_host: + description: 'PreserveHost sets When matching a Route via one of the + hosts domain names, use the request Host header in the upstream + request headers. If set to false, the upstream Host header will + be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" + annotation instead.' + type: boolean + protocols: + description: 'Protocols is an array of the protocols this Route should + allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation + instead.' + items: + description: KongProtocol is a valid Kong protocol. This alias is + necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + regex_priority: + description: 'RegexPriority is a number used to choose which route + resolves a given request when several routes match it using regexes + simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" + annotation instead.' + type: integer + request_buffering: + description: 'RequestBuffering sets whether to enable request body + buffering or not. 
Deprecated: use Ingress'' "konghq.com/request-buffering" + annotation instead.' + type: boolean + response_buffering: + description: 'ResponseBuffering sets whether to enable response body + buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" + annotation instead.' + type: boolean + snis: + description: 'SNIs is a list of SNIs that match this Route when using + stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation + instead.' + items: + type: string + type: array + strip_path: + description: 'StripPath sets When matching a Route via one of the + paths strip the matching prefix from the upstream request URL. Deprecated: + use Ingress'' "konghq.com/strip-path" annotation instead.' + type: boolean + type: object + upstream: + description: Upstream represents a virtual hostname and can be used to + loadbalance incoming requests over multiple targets (e.g. Kubernetes + `Services` can be a target, OR `Endpoints` can be targets). + properties: + algorithm: + description: 'Algorithm is the load balancing algorithm to use. Accepted + values are: "round-robin", "consistent-hashing", "least-connections", + "latency".' + enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hash_fallback: + description: 'HashFallback defines What to use as hashing input if + the primary hash_on does not return a hash. Accepted values are: + "none", "consumer", "ip", "header", "cookie".' + type: string + hash_fallback_header: + description: HashFallbackHeader is the header name to take the value + from as hash input. Only required when "hash_fallback" is set to + "header". + type: string + hash_fallback_query_arg: + description: HashFallbackQueryArg is the "hash_fallback" version of + HashOnQueryArg. + type: string + hash_fallback_uri_capture: + description: HashFallbackURICapture is the "hash_fallback" version + of HashOnURICapture. 
+ type: string + hash_on: + description: 'HashOn defines what to use as hashing input. Accepted + values are: "none", "consumer", "ip", "header", "cookie", "path", + "query_arg", "uri_capture".' + type: string + hash_on_cookie: + description: The cookie name to take the value from as hash input. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_cookie_path: + description: The cookie path to set in the response headers. Only + required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_header: + description: HashOnHeader defines the header name to take the value + from as hash input. Only required when "hash_on" is set to "header". + type: string + hash_on_query_arg: + description: HashOnQueryArg is the query string parameter whose value + is the hash input when "hash_on" is set to "query_arg". + type: string + hash_on_uri_capture: + description: HashOnURICapture is the name of the capture group whose + value is the hash input when "hash_on" is set to "uri_capture". + type: string + healthchecks: + description: Healthchecks defines the health check configurations + in Kong. + properties: + active: + description: ActiveHealthcheck configures active health check + probing. + properties: + concurrency: + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + type: object + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + http_path: + pattern: ^/.*$ + type: string + https_sni: + type: string + https_verify_certificate: + type: boolean + timeout: + minimum: 0 + type: integer + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. 
+ properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + passive: + description: PassiveHealthcheck configures passive checks around + passive health checks. + properties: + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. + properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + threshold: + type: number + type: object + host_header: + description: HostHeader is The hostname to be used as Host header + when proxying requests through Kong. + type: string + slots: + description: Slots is the number of slots in the load balancer algorithm. 
+ minimum: 10 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongPlugin + listKind: KongPluginList + plural: kongplugins + shortNames: + - kp + singular: kongplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongPlugin is the Schema for the kongplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The + namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: tcpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: TCPIngress + listKind: TCPIngressList + plural: tcpingresses + singular: tcpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TCPIngress is the Schema for the tcpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the TCPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: IngressRule represents a rule to apply against incoming + requests. Matching is performed based on an (optional) SNI and + port. + properties: + backend: + description: Backend defines the referenced service endpoint + to which the traffic will be forwarded to. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + host: + description: Host is the fully qualified domain name of a network + host, as defined by RFC 3986. If a Host is not specified, + then port-based TCP routing is performed. Kong doesn't care + about the content of the TCP stream in this case. If a Host + is specified, the protocol must be TLS over TCP. A plain-text + TCP request cannot be routed based on Host. It can only be + routed based on Port. + type: string + port: + description: Port is the port on which to accept TCP or TLS + over TCP sessions and route. It is a required field. If a + Host is not specified, the requested are routed based only + on Port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + tls: + description: TLS configuration. This is similar to the `tls` section + in the Ingress resource in networking.v1beta1 group. The mapping + of SNIs to TLS cert-key pair defined here will be used for HTTP + Ingress rules as well. 
Once can define the mapping in this resource + or the original Ingress resource, both have the same effect. + items: + description: IngressTLS describes the transport layer security. + properties: + hosts: + description: Hosts are a list of hosts included in the TLS certificate. + The values in this list must match the name/s used in the + tlsSecret. Defaults to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to terminate + SSL traffic. + type: string + type: object + type: array + type: object + status: + description: TCPIngressStatus defines the observed state of TCPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' 
+ properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: udpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: UDPIngress + listKind: UDPIngressList + plural: udpingresses + singular: udpingress + scope: Namespaced 
+ versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: UDPIngress is the Schema for the udpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the UDPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: UDPIngressRule represents a rule to apply against incoming + requests wherein no Host matching is available for request routing, + only the port is used to match requests. + properties: + backend: + description: Backend defines the Kubernetes service which accepts + traffic from the listening Port defined above. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. 
+ format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + port: + description: Port indicates the port for the Kong proxy to accept + incoming traffic on, which will then be routed to the service + Backend. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + type: object + status: + description: UDPIngressStatus defines the observed state of UDPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kong-leader-election + namespace: kong +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - 
ingressclassparameterses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - 
networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-crds +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + verbs: + - get + - list + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - tlsroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - 
tlsroutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes/status + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kong-leader-election + namespace: kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kong-leader-election +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-crds +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-crds +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-gateway +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-admin + namespace: kong +spec: + externalTrafficPolicy: Local + ports: + - name: admin + port: 80 + protocol: TCP + targetPort: 8001 + selector: + app: ingress-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-manager + namespace: kong +spec: + externalTrafficPolicy: Local + ports: + - name: manager + port: 80 + protocol: TCP + targetPort: 8002 + selector: + app: ingress-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + 
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-type: nlb + name: kong-proxy + namespace: kong +spec: + ports: + - name: proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: proxy-ssl + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app: ingress-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-validation-webhook + namespace: kong +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app: ingress-kong +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres + namespace: kong +spec: + ports: + - name: pgql + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + app: postgres +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ingress-kong + name: ingress-kong + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: ingress-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: ingress-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_LICENSE_DATA + valueFrom: + secretKeyRef: + key: license + name: kong-enterprise-license + - name: KONG_ADMIN_API_URI + value: set-me + - name: KONG_ADMIN_GUI_AUTH + value: basic-auth + - name: KONG_ENFORCE_RBAC + value: "on" + - name: KONG_ADMIN_GUI_SESSION_CONF + value: '{"cookie_secure":false,"storage":"kong","cookie_name":"admin_session","cookie_lifetime":31557600,"cookie_samesite":"off","secret":"please-change-me"}' + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8001, 0.0.0.0:8444 ssl + - name: KONG_DATABASE + value: postgres + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PASSWORD + value: kong + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport + backlog=16384 + - name: 
KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100 + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_KIC + value: "on" + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + image: kong/kong-gateway:3.4 + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - kong quit + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: proxy + ports: + - containerPort: 8001 + name: admin + protocol: TCP + - containerPort: 8002 + name: manager + protocol: TCP + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-ssl + protocol: TCP + - containerPort: 8100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + - env: + - name: CONTROLLER_KONG_ADMIN_TOKEN + valueFrom: + secretKeyRef: + key: password + name: kong-enterprise-superuser-password + - name: CONTROLLER_KONG_ADMIN_URL + value: https://127.0.0.1:8444 + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_PUBLISH_SERVICE + value: kong/kong-proxy + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: kong/kubernetes-ingress-controller:2.12 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: ingress-controller + ports: + - containerPort: 8080 + 
name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kong-serviceaccount-token + readOnly: true + imagePullSecrets: + - name: kong-enterprise-edition-docker + initContainers: + - command: + - /bin/bash + - -c + - while true; do kong migrations list; if [[ 0 -eq $? ]]; then exit 0; fi; + sleep 2; done; + env: + - name: KONG_LICENSE_DATA + valueFrom: + secretKeyRef: + key: license + name: kong-enterprise-license + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PASSWORD + value: kong + image: kong/kong-gateway:3.4 + name: wait-for-migrations + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgres + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: postgres + serviceName: postgres + template: + metadata: + labels: + app: postgres + spec: + containers: + - env: + - name: POSTGRES_USER + value: kong + - name: POSTGRES_PASSWORD + value: kong + - name: POSTGRES_DB + value: kong + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + image: postgres:9.5 + name: postgres + ports: + - containerPort: 5432 + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: datadir + subPath: pgdata + terminationGracePeriodSeconds: 60 + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- 
+apiVersion: batch/v1 +kind: Job +metadata: + name: kong-migrations + namespace: kong +spec: + template: + metadata: + name: kong-migrations + spec: + containers: + - command: + - /bin/bash + - -c + - kong migrations bootstrap && kong migrations up && kong migrations finish + env: + - name: KONG_LICENSE_DATA + valueFrom: + secretKeyRef: + key: license + name: kong-enterprise-license + - name: KONG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kong-enterprise-superuser-password + - name: KONG_PG_PASSWORD + value: kong + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PORT + value: "5432" + image: kong/kong-gateway:3.4 + name: kong-migrations + imagePullSecrets: + - name: kong-enterprise-edition-docker + initContainers: + - command: + - /bin/bash + - -c + - until timeout 1 bash 9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}; do echo + 'waiting for db'; sleep 1; done + env: + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PORT + value: "5432" + image: kong/kong-gateway:3.4 + name: wait-for-postgres + restartPolicy: OnFailure +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: kong +spec: + controller: ingress-controllers.konghq.com/kong diff --git a/test/e2e/manifests/all-in-one-postgres.yaml b/test/e2e/manifests/all-in-one-postgres.yaml new file mode 100644 index 0000000000..688bf8460f --- /dev/null +++ b/test/e2e/manifests/all-in-one-postgres.yaml 
@@ -0,0 +1,2307 @@ +# Generated by build-single-manifest.sh. NOT FOR PRODUCTION USE (only used internally for testing). DO NOT EDIT. + +apiVersion: v1 +kind: Namespace +metadata: + name: kong +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ingressclassparameterses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: IngressClassParameters + listKind: IngressClassParametersList + plural: ingressclassparameterses + singular: ingressclassparameters + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressClassParameters is the Schema for the IngressClassParameters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the IngressClassParameters specification. + properties: + enableLegacyRegexDetection: + default: false + description: EnableLegacyRegexDetection automatically detects if ImplementationSpecific + Ingress paths are regular expression paths using the legacy 2.x + heuristic. The controller adds the "~" prefix to those paths if + the Kong version is 3.0 or higher. + type: boolean + serviceUpstream: + default: false + description: Offload load-balancing to kube-proxy or sidecar. 
+ type: boolean + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongclusterplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongClusterPlugin + listKind: KongClusterPluginList + plural: kongclusterplugins + shortNames: + - kcp + singular: kongclusterplugin + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongClusterPlugin is the Schema for the kongclusterplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongClusterPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongClusterPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret + to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongClusterPlugin + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongClusterPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumergroups.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumerGroup + listKind: KongConsumerGroupList + plural: kongconsumergroups + shortNames: + - kcg + singular: kongconsumergroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KongConsumerGroup is the Schema for the kongconsumergroups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumerGroup. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongconsumers.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumer + listKind: KongConsumerList + plural: kongconsumers + shortNames: + - kc + singular: kongconsumer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username of a Kong Consumer + jsonPath: .username + name: Username + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongConsumer is the Schema for the kongconsumers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + consumerGroups: + description: ConsumerGroups are references to consumer groups (that consumer + wants to be part of) provisioned in Kong. 
+ items: + type: string + type: array + credentials: + description: Credentials are references to secrets containing a credential + to be provisioned in Kong. + items: + type: string + type: array + custom_id: + description: CustomID is a Kong cluster-unique existing ID for the consumer + - useful for mapping Kong with users in your existing database. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer + resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongConsumer. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + username: + description: Username is a Kong cluster-unique username of the consumer. + type: string + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongIngress + listKind: KongIngressList + plural: kongingresses + shortNames: + - ki + singular: kongingress + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KongIngress is the Schema for the kongingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + proxy: + description: Proxy defines additional connection options for the routes + to be configured in the Kong Gateway, e.g. 
`connection_timeout`, `retries`, + etc. + properties: + connect_timeout: + description: "The timeout in milliseconds for\testablishing a connection + to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" + annotation instead." + minimum: 0 + type: integer + path: + description: '(optional) The path to be used in requests to the upstream + server. Deprecated: use Service''s "konghq.com/path" annotation + instead.' + pattern: ^/.*$ + type: string + protocol: + description: 'The protocol used to communicate with the upstream. + Deprecated: use Service''s "konghq.com/protocol" annotation instead.' + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + read_timeout: + description: 'The timeout in milliseconds between two successive read + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/read-timeout" annotation instead.' + minimum: 0 + type: integer + retries: + description: 'The number of retries to execute upon failure to proxy. + Deprecated: use Service''s "konghq.com/retries" annotation instead.' + minimum: 0 + type: integer + write_timeout: + description: 'The timeout in milliseconds between two successive write + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/write-timeout" annotation instead.' + minimum: 0 + type: integer + type: object + route: + description: Route define rules to match client requests. Each Route is + associated with a Service, and a Service may have multiple Routes associated + to it. + properties: + headers: + additionalProperties: + items: + type: string + type: array + description: 'Headers contains one or more lists of values indexed + by header name that will cause this Route to match if present in + the request. The Host header cannot be used with this attribute. + Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' 
+ type: object + https_redirect_status_code: + description: 'HTTPSRedirectStatusCode is the status code Kong responds + with when all properties of a Route match except the protocol. Deprecated: + use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" + annotations instead.' + type: integer + methods: + description: 'Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress'' "konghq.com/methods" annotation instead.' + items: + type: string + type: array + path_handling: + description: 'PathHandling controls how the Service path, Route path + and requested path are combined when sending a request to the upstream. + Deprecated: use Ingress'' "konghq.com/path-handling" annotation + instead.' + enum: + - v0 + - v1 + type: string + preserve_host: + description: 'PreserveHost sets When matching a Route via one of the + hosts domain names, use the request Host header in the upstream + request headers. If set to false, the upstream Host header will + be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" + annotation instead.' + type: boolean + protocols: + description: 'Protocols is an array of the protocols this Route should + allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation + instead.' + items: + description: KongProtocol is a valid Kong protocol. This alias is + necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + regex_priority: + description: 'RegexPriority is a number used to choose which route + resolves a given request when several routes match it using regexes + simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" + annotation instead.' + type: integer + request_buffering: + description: 'RequestBuffering sets whether to enable request body + buffering or not. 
Deprecated: use Ingress'' "konghq.com/request-buffering" + annotation instead.' + type: boolean + response_buffering: + description: 'ResponseBuffering sets whether to enable response body + buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" + annotation instead.' + type: boolean + snis: + description: 'SNIs is a list of SNIs that match this Route when using + stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation + instead.' + items: + type: string + type: array + strip_path: + description: 'StripPath sets When matching a Route via one of the + paths strip the matching prefix from the upstream request URL. Deprecated: + use Ingress'' "konghq.com/strip-path" annotation instead.' + type: boolean + type: object + upstream: + description: Upstream represents a virtual hostname and can be used to + loadbalance incoming requests over multiple targets (e.g. Kubernetes + `Services` can be a target, OR `Endpoints` can be targets). + properties: + algorithm: + description: 'Algorithm is the load balancing algorithm to use. Accepted + values are: "round-robin", "consistent-hashing", "least-connections", + "latency".' + enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hash_fallback: + description: 'HashFallback defines What to use as hashing input if + the primary hash_on does not return a hash. Accepted values are: + "none", "consumer", "ip", "header", "cookie".' + type: string + hash_fallback_header: + description: HashFallbackHeader is the header name to take the value + from as hash input. Only required when "hash_fallback" is set to + "header". + type: string + hash_fallback_query_arg: + description: HashFallbackQueryArg is the "hash_fallback" version of + HashOnQueryArg. + type: string + hash_fallback_uri_capture: + description: HashFallbackURICapture is the "hash_fallback" version + of HashOnURICapture. 
+ type: string + hash_on: + description: 'HashOn defines what to use as hashing input. Accepted + values are: "none", "consumer", "ip", "header", "cookie", "path", + "query_arg", "uri_capture".' + type: string + hash_on_cookie: + description: The cookie name to take the value from as hash input. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_cookie_path: + description: The cookie path to set in the response headers. Only + required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_header: + description: HashOnHeader defines the header name to take the value + from as hash input. Only required when "hash_on" is set to "header". + type: string + hash_on_query_arg: + description: HashOnQueryArg is the query string parameter whose value + is the hash input when "hash_on" is set to "query_arg". + type: string + hash_on_uri_capture: + description: HashOnURICapture is the name of the capture group whose + value is the hash input when "hash_on" is set to "uri_capture". + type: string + healthchecks: + description: Healthchecks defines the health check configurations + in Kong. + properties: + active: + description: ActiveHealthcheck configures active health check + probing. + properties: + concurrency: + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + type: object + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + http_path: + pattern: ^/.*$ + type: string + https_sni: + type: string + https_verify_certificate: + type: boolean + timeout: + minimum: 0 + type: integer + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. 
+ properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + passive: + description: PassiveHealthcheck configures passive checks around + passive health checks. + properties: + healthy: + description: Healthy configures thresholds and HTTP status + codes to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + type: + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status + codes to mark targets unhealthy. + properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + threshold: + type: number + type: object + host_header: + description: HostHeader is The hostname to be used as Host header + when proxying requests through Kong. + type: string + slots: + description: Slots is the number of slots in the load balancer algorithm. 
+ minimum: 10 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: kongplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongPlugin + listKind: KongPluginList + plural: kongplugins + shortNames: + - kp + singular: kongplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongPlugin is the Schema for the kongplugins API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + config: + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The + namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + type: object + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: InstanceName is an optional custom name to identify an instance + of the plugin. This is useful when running the same plugin in multiple + contexts, for example, on multiple services. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + ordering: + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. 
For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase + should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the + config. + type: string + protocols: + description: Protocols configures plugin to run on requests received on + specific protocols. + items: + description: KongProtocol is a valid Kong protocol. This alias is necessary + to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: RunOn configures the plugin to run on the first or the second + or both nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the KongPluginStatus. + \n Known condition types are: \n * \"Programmed\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: tcpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: TCPIngress + listKind: TCPIngressList + plural: tcpingresses + singular: tcpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TCPIngress is the Schema for the tcpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the TCPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: IngressRule represents a rule to apply against incoming + requests. Matching is performed based on an (optional) SNI and + port. + properties: + backend: + description: Backend defines the referenced service endpoint + to which the traffic will be forwarded to. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + host: + description: Host is the fully qualified domain name of a network + host, as defined by RFC 3986. If a Host is not specified, + then port-based TCP routing is performed. Kong doesn't care + about the content of the TCP stream in this case. If a Host + is specified, the protocol must be TLS over TCP. A plain-text + TCP request cannot be routed based on Host. It can only be + routed based on Port. + type: string + port: + description: Port is the port on which to accept TCP or TLS + over TCP sessions and route. It is a required field. If a + Host is not specified, the requested are routed based only + on Port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + tls: + description: TLS configuration. This is similar to the `tls` section + in the Ingress resource in networking.v1beta1 group. The mapping + of SNIs to TLS cert-key pair defined here will be used for HTTP + Ingress rules as well. 
Once can define the mapping in this resource + or the original Ingress resource, both have the same effect. + items: + description: IngressTLS describes the transport layer security. + properties: + hosts: + description: Hosts are a list of hosts included in the TLS certificate. + The values in this list must match the name/s used in the + tlsSecret. Defaults to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to terminate + SSL traffic. + type: string + type: object + type: array + type: object + status: + description: TCPIngressStatus defines the observed state of TCPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' 
+ properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: udpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: UDPIngress + listKind: UDPIngressList + plural: udpingresses + singular: udpingress + scope: Namespaced 
+ versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: UDPIngress is the Schema for the udpingresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the UDPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: UDPIngressRule represents a rule to apply against incoming + requests wherein no Host matching is available for request routing, + only the port is used to match requests. + properties: + backend: + description: Backend defines the Kubernetes service which accepts + traffic from the listening Port defined above. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. 
+ format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + port: + description: Port indicates the port for the Kong proxy to accept + incoming traffic on, which will then be routed to the service + Backend. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + type: object + status: + description: UDPIngressStatus defines the observed state of UDPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific error + values must have names that comply with the format + foo.example.com/CamelCase. 
--- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kong-leader-election + namespace: kong +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - 
ingressclassparameterses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - 
networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-crds +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kong-ingress-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + verbs: + - get + - list + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - tcproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - tlsroutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - 
tlsroutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - udproutes/status + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kong-leader-election + namespace: kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kong-leader-election +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-crds +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-crds +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kong-ingress-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kong-ingress-gateway +subjects: +- kind: ServiceAccount + name: kong-serviceaccount + namespace: kong +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-type: nlb + name: kong-proxy + namespace: kong +spec: + ports: + - name: proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: proxy-ssl + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app: ingress-kong + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: kong-validation-webhook + namespace: kong +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 
8080 + selector: + app: ingress-kong +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres + namespace: kong +spec: + ports: + - name: pgql + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + app: postgres +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ingress-kong + name: ingress-kong + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: ingress-kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: kong-serviceaccount-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: ingress-kong + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_DATABASE + value: postgres + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PASSWORD + value: kong + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport + backlog=16384 + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl reuseport backlog=16384 + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100 + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_KIC + value: "on" + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + image: kong:3.4 + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - kong quit + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-ssl + protocol: TCP + - containerPort: 8100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: 8100 + scheme: HTTP + 
initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + - env: + - name: CONTROLLER_KONG_ADMIN_URL + value: https://127.0.0.1:8444 + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_PUBLISH_SERVICE + value: kong/kong-proxy + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: kong/kubernetes-ingress-controller:2.12 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kong-serviceaccount-token + readOnly: true + initContainers: + - command: + - /bin/bash + - -c + - while true; do kong migrations list; if [[ 0 -eq $? 
]]; then exit 0; fi; + sleep 2; done; + env: + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PASSWORD + value: kong + image: kong:3.4 + name: wait-for-migrations + serviceAccountName: kong-serviceaccount + volumes: + - name: kong-serviceaccount-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgres + namespace: kong +spec: + replicas: 1 + selector: + matchLabels: + app: postgres + serviceName: postgres + template: + metadata: + labels: + app: postgres + spec: + containers: + - env: + - name: POSTGRES_USER + value: kong + - name: POSTGRES_PASSWORD + value: kong + - name: POSTGRES_DB + value: kong + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + image: postgres:9.5 + name: postgres + ports: + - containerPort: 5432 + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: datadir + subPath: pgdata + terminationGracePeriodSeconds: 60 + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: kong-migrations + namespace: kong +spec: + template: + metadata: + name: kong-migrations + spec: + containers: + - command: + - /bin/bash + - -c + - kong migrations bootstrap && kong migrations up && kong migrations finish + env: + - name: KONG_PG_PASSWORD + value: kong + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PORT + value: "5432" + image: kong:3.4 + name: kong-migrations + initContainers: + - command: + - /bin/bash + - -c + - until timeout 1 bash 9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}; do echo + 'waiting for db'; sleep 1; done + env: + - name: KONG_PG_HOST + value: postgres + - name: KONG_PG_PORT + value: 
"5432" + image: kong:3.4 + name: wait-for-postgres + restartPolicy: OnFailure +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: kong +spec: + controller: ingress-controllers.konghq.com/kong
diff --git a/test/e2e/utils_test.go b/test/e2e/utils_test.go
index b818a38d8f..989136fc41 100644
--- a/test/e2e/utils_test.go
+++ b/test/e2e/utils_test.go
@@ -38,7 +38,7 @@ const (
 // API admin password.
 adminPasswordSecretName = "kong-enterprise-superuser-password"
- dblessPath = "../../deploy/single/all-in-one-dbless.yaml"
+ dblessPath = "manifests/all-in-one-dbless.yaml"
 )
 func generateAdminPasswordSecret() (string, *corev1.Secret, error) {
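Review bot: `dblessPath` now points at `manifests/all-in-one-dbless.yaml` with no comment saying what the path is relative to or that it names a test fixture rather than an installable manifest. `go test` runs with the package directory as its working directory, so the path resolves under `test/e2e/`, and this same commit marks `test/e2e/manifests/**` as generated and drops `deploy/single` as a supported install method. The manifest whose added lines precede this hunk carries fixture-grade settings (a literal `KONG_PG_PASSWORD` of `kong`, `CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY` set to `"true"`); whether the DB-less file does too is not visible here. I would add above the constant: `// dblessPath is a generated, test-only manifest, relative to the test/e2e package directory; do not use it for installation.` The `const (` block opens above this hunk.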