# Live Pod object (spec plus status) for a Kong ingress pod with an injected
# Kuma sidecar, captured while the pod was still Pending in its init phase.
# The capture had lost its line breaks; structure is restored here and every
# value is kept exactly as captured. Comments are review notes only.
kind: Pod
apiVersion: v1
metadata:
  generateName: ingress-kong-5fbb55cc7c-
  annotations:
    # The pod was admitted under the "privileged" SCC, the broadest one.
    # NOTE(review): only hostNetwork/hostPort are visibly needed here; a
    # narrower custom SCC granting just those would reduce exposure - confirm.
    openshift.io/scc: privileged
    kuma.io/builtin-dns: enabled
    kuma.io/mesh: default
    kuma.io/sidecar-uid: '5678'
    kuma.io/transparent-proxying: enabled
    kuma.io/builtin-dns-port: '15053'
    k8s.v1.cni.cncf.io/networks: kuma-cni
    kuma.io/transparent-proxying-ip-family-mode: dualstack
    kuma.io/envoy-admin-port: '9901'
    kuma.io/virtual-probes-port: '9000'
    kuma.io/builtin-dns-logging: 'false'
    kuma.io/transparent-proxying-ebpf: disabled
    kuma.io/transparent-proxying-outbound-port: '15001'
    kuma.io/sidecar-injected: 'true'
    kuma.io/transparent-proxying-inbound-port: '15006'
    kuma.io/virtual-probes: enabled
  resourceVersion: '316675311'
  name: ingress-kong-5fbb55cc7c-wcn92
  namespace: kong
  ownerReferences:
    # Owned by a ReplicaSet: any fix belongs in the owning workload template,
    # not in this pod object.
    - apiVersion: apps/v1
      kind: ReplicaSet
      name: ingress-kong-5fbb55cc7c
      uid: 1d518026-71f9-4f9b-b7d8-b04d6150f01b
      controller: true
      blockOwnerDeletion: true
  labels:
    app: ingress-kong
    pod-template-hash: 5fbb55cc7c
spec:
  nodeSelector:
    proxy: kong
  restartPolicy: Always
  initContainers:
    # Injected Kuma init container. It is hardened: all capabilities dropped,
    # non-root UID/GID 5678, read-only root filesystem.
    - resources:
        limits:
          cpu: 100m
          memory: 50M
        requests:
          cpu: 20m
          memory: 20M
      terminationMessagePath: /dev/termination-log
      name: kuma-validation
      command:
        - /usr/bin/kumactl
        - install
        - transparent-proxy-validator
      securityContext:
        capabilities:
          drop:
            - ALL
        runAsUser: 5678
        runAsGroup: 5678
        runAsNonRoot: true
        readOnlyRootFilesystem: true
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - name: kuma-sidecar-tmp
          mountPath: /tmp
        - name: kube-api-access-rdvhz
          readOnly: true
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      terminationMessagePolicy: File
      # Referenced by mutable tag, not by digest (applies to every image in
      # this pod).
      image: 'docker.io/kumahq/kuma-init:2.8.1'
      args:
        - '--config-file'
        - /tmp/.kumactl
        - '--ip-family-mode'
        - dualstack
        - '--validation-server-port'
        - '15006'
  serviceAccountName: kong-serviceaccount
  imagePullSecrets:
    - name: gitlab-docker-registry
  priority: 0
  schedulerName: default-scheduler
  # All containers share the node's network namespace; status below shows
  # podIP equal to hostIP. Every 0.0.0.0 listener in this pod therefore binds
  # on the node's own interfaces, whether or not it appears in a ports list.
  hostNetwork: true
  enableServiceLinks: true
  terminationGracePeriodSeconds: 30
  preemptionPolicy: PreemptLowerPriority
  nodeName: node-1-fsn-eu.k8stest.route360.net
  # Empty pod-level securityContext: containers that set none of their own
  # (proxy, ingress-controller) run with image and SCC defaults.
  securityContext: {}
  containers:
    # Injected Kuma data-plane sidecar, hardened like the init container.
    - resources:
        limits:
          cpu: '1'
          ephemeral-storage: 1G
          memory: 512Mi
        requests:
          cpu: 50m
          ephemeral-storage: 50M
          memory: 64Mi
      readinessProbe:
        httpGet:
          path: /ready
          port: 9901
          scheme: HTTP
        initialDelaySeconds: 1
        timeoutSeconds: 3
        periodSeconds: 5
        successThreshold: 1
        failureThreshold: 12
      terminationMessagePath: /dev/termination-log
      name: kuma-sidecar
      livenessProbe:
        httpGet:
          path: /ready
          port: 9901
          scheme: HTTP
        initialDelaySeconds: 60
        timeoutSeconds: 3
        periodSeconds: 5
        successThreshold: 1
        failureThreshold: 12
      env:
        - name: INSTANCE_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        # CA certificate (public material) inlined as a literal block scalar.
        # NOTE(review): the body is only three base64 lines, so it looks
        # elided in this capture and would not parse as-is - confirm.
        - name: KUMA_CONTROL_PLANE_CA_CERT
          value: |
            -----BEGIN CERTIFICATE-----
            MIIDEDCCAfigAwIBAgIRAK/kUUgD38Y/2b+ZW1QvPBIwDQYJKoZIhvcNAQELBQAw
            yTPVrVoS6/xDC+hgPnJKIeBNudY9u3WC7/RN6AQpRwv2c4DVVgKLFNgkG8vvvOQy
            Uvd2PfYuRJa+XJmIYI4qJZzJVWA=
            -----END CERTIFICATE-----
        - name: KUMA_CONTROL_PLANE_URL
          value: 'https://kuma-control-plane.kuma-system:5678'
        - name: KUMA_DATAPLANE_DRAIN_TIME
          value: 30s
        - name: KUMA_DATAPLANE_MESH
          value: default
        # Points at the projected service-account token mounted below.
        - name: KUMA_DATAPLANE_RUNTIME_TOKEN_PATH
          value: /var/run/secrets/kubernetes.io/serviceaccount/token
        - name: KUMA_DNS_CORE_DNS_BINARY_PATH
          value: coredns
        - name: KUMA_DNS_CORE_DNS_PORT
          value: '15053'
        - name: KUMA_DNS_ENABLED
          value: 'true'
        - name: KUMA_DNS_ENABLE_LOGGING
          value: 'false'
        - name: KUMA_DNS_ENVOY_DNS_PORT
          value: '15055'
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
      securityContext:
        capabilities:
          drop:
            - ALL
        runAsUser: 5678
        runAsGroup: 5678
        runAsNonRoot: true
        readOnlyRootFilesystem: true
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - name: kube-api-access-rdvhz
          readOnly: true
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        - name: kuma-sidecar-tmp
          mountPath: /tmp
      terminationMessagePolicy: File
      image: 'docker.io/kumahq/kuma-dp:2.8.1'
      args:
        - run
        - '--log-level=info'
        - '--concurrency=2'
    # Kong proxy container. Unlike the Kuma containers it sets no
    # securityContext and no resource requests or limits, while running on
    # the host network and holding the TLS private key mount.
    - resources: {}
      readinessProbe:
        httpGet:
          path: /8100/status
          port: 9000
          scheme: HTTP
        initialDelaySeconds: 5
        timeoutSeconds: 1
        periodSeconds: 10
        successThreshold: 1
        failureThreshold: 3
      terminationMessagePath: /dev/termination-log
      lifecycle:
        preStop:
          exec:
            command:
              - /bin/sh
              - '-c'
              - kong quit
      name: proxy
      livenessProbe:
        httpGet:
          path: /8100/status
          port: 9000
          scheme: HTTP
        initialDelaySeconds: 5
        timeoutSeconds: 1
        periodSeconds: 10
        successThreshold: 1
        failureThreshold: 3
      env:
        - name: KONG_PROXY_LISTEN
          value: '0.0.0.0:31080, 0.0.0.0:31443 ssl http2'
        # Status listener on all interfaces, also published as hostPort 8100
        # below, so it is reachable on the node address unless filtered.
        - name: KONG_STATUS_LISTEN
          value: '0.0.0.0:8100'
        - name: KONG_NGINX_WORKER_PROCESSES
          value: '2'
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        - name: KONG_NGINX_PROXY_PROXY_NEXT_UPSTREAM
          value: error timeout invalid_header http_500 http_503 non_idempotent
        # REVIEW: the Admin API listens on 0.0.0.0 (8001 plaintext, 8444 TLS)
        # in a hostNetwork pod, so it binds on the node's interfaces. The only
        # client visible in this pod is the ingress controller, which uses
        # http://127.0.0.1:8001; a loopback-only bind would cover that.
        # Open-source Kong has no built-in Admin API authentication, so unless
        # access control exists elsewhere (firewall, NetworkPolicy does not
        # apply to host-network pods on many CNIs - confirm), anything that
        # can reach the node on these ports can change the gateway config.
        - name: KONG_ADMIN_LISTEN
          value: '0.0.0.0:8001 reuseport backlog=16384, 0.0.0.0:8444 http2 ssl reuseport backlog=16384'
        # DB-less mode; quoted so YAML does not read it as a boolean.
        - name: KONG_DATABASE
          value: 'off'
        - name: KONG_NGINX_HTTP_GZIP
          value: 'on'
        - name: KONG_NGINX_HTTP_GZIP_TYPES
          value: text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript
        - name: KONG_NGINX_HTTP_GZIP_COMP_LEVEL
          value: '5'
        - name: KONG_NGINX_HTTP_GZIP_HTTP_VERSION
          value: '1.0'
        - name: KONG_NGINX_HTTP_GZIP_MIN_LENGTH
          value: '256'
        - name: KONG_NGINX_HTTP_GZIP_PROXIED
          value: any
        - name: KONG_NGINX_HTTP_GZIP_VARY
          value: 'on'
        # Client IP is taken from X-Forwarded-For, recursively. No
        # KONG_TRUSTED_IPS is set in this env list, and the header is only
        # honoured from trusted sources. NOTE(review): if trusted IPs are
        # configured elsewhere, keep them limited to known proxies, because
        # IP-based rules and logs then depend on a client-supplied header.
        - name: KONG_REAL_IP_HEADER
          value: X-Forwarded-For
        - name: KONG_READ_IP_RECURSIVE
          value: 'on'
        # HSTS with a one-year max-age; no includeSubDomains directive.
        - name: KONG_NGINX_HTTP_ADD_HEADER
          value: Strict-Transport-Security "max-age=31536000"
        - name: KONG_SSL_CERT
          value: /etc/kong-ssl/wildcard.testing.xxxx.com_fullchain.pem
        # Wildcard private key, served from the secret volume mounted at
        # /etc/kong-ssl (see the volume's defaultMode note below).
        - name: KONG_SSL_CERT_KEY
          value: /etc/kong-ssl/wildcard.testing.xxxx.com_privkey.pem
        - name: KONG_MEM_CACHE_SIZE
          value: 4096m
      # Under hostNetwork this list does not limit what is exposed: the admin
      # ports 8001/8444 are absent here but are still bound on the node.
      ports:
        - name: proxy
          hostPort: 31080
          containerPort: 31080
          protocol: TCP
        - name: proxy-ssl
          hostPort: 31443
          containerPort: 31443
          protocol: TCP
        - name: metrics
          hostPort: 8100
          containerPort: 8100
          protocol: TCP
      imagePullPolicy: Always
      volumeMounts:
        - name: ssl-testing-xxxx-com
          readOnly: true
          mountPath: /etc/kong-ssl
        - name: kube-api-access-rdvhz
          readOnly: true
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      terminationMessagePolicy: File
      image: 'docker.eu.xxxx.com/oci/prod/kong:3.4.2'
      workingDir: /usr/local/kong
    # Kong ingress controller; also has no securityContext or resource limits.
    - name: ingress-controller
      image: 'docker.eu.xxxx.com/oci/prod/kong-k8s-ingress:2.10.0'
      env:
        # Plain HTTP over loopback to the Admin API in the same pod.
        - name: CONTROLLER_KONG_ADMIN_URL
          value: 'http://127.0.0.1:8001'
        # Has no effect while the URL above is http://. If the URL is ever
        # switched to https://, this leaves the Admin API certificate
        # unverified; set it to 'false' and supply the CA instead.
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: 'true'
        - name: CONTROLLER_PUBLISH_SERVICE
          value: kong/kong-proxy
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: CONTROLLER_INGRESS_CLASS
          value: kong
      resources: {}
      volumeMounts:
        - name: kube-api-access-rdvhz
          readOnly: true
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      imagePullPolicy: IfNotPresent
  serviceAccount: kong-serviceaccount
  volumes:
    # TLS certificate and private key. defaultMode 420 is decimal for octal
    # 0644, i.e. the key file is world-readable inside the container; a
    # tighter mode (e.g. decimal 288 = 0440) is usual for private keys.
    - name: ssl-testing-xxxx-com
      secret:
        secretName: ssl-testing-xxxx-com
        defaultMode: 420
    # Projected service-account token, mounted into every container above.
    - name: kube-api-access-rdvhz
      projected:
        sources:
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              name: kube-root-ca.crt
              items:
                - key: ca.crt
                  path: ca.crt
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
          - configMap:
              name: openshift-service-ca.crt
              items:
                - key: service-ca.crt
                  path: service-ca.crt
        defaultMode: 420
    # Declared but not mounted by any container in this spec.
    - name: kuma-init-tmp
      emptyDir:
        sizeLimit: 10M
    - name: kuma-sidecar-tmp
      emptyDir:
        sizeLimit: 10M
  dnsPolicy: ClusterFirst
  tolerations:
    - key: node.kubernetes.io/not-ready
      operator: Exists
      effect: NoExecute
      tolerationSeconds: 300
    - key: node.kubernetes.io/unreachable
      operator: Exists
      effect: NoExecute
      tolerationSeconds: 300
    - key: node.kubernetes.io/memory-pressure
      operator: Exists
      effect: NoSchedule
# Observed state at capture time: the init container kuma-validation is still
# running, so all three app containers wait in PodInitializing and the pod
# phase is Pending.
status:
  containerStatuses:
    - name: ingress-controller
      state:
        waiting:
          reason: PodInitializing
      lastState: {}
      ready: false
      restartCount: 0
      image: 'docker.eu.xxxx.com/oci/prod/kong-k8s-ingress:2.10.0'
      imageID: ''
      started: false
    - name: kuma-sidecar
      state:
        waiting:
          reason: PodInitializing
      lastState: {}
      ready: false
      restartCount: 0
      image: 'docker.io/kumahq/kuma-dp:2.8.1'
      imageID: ''
      started: false
    - name: proxy
      state:
        waiting:
          reason: PodInitializing
      lastState: {}
      ready: false
      restartCount: 0
      image: 'docker.eu.xxxx.com/oci/prod/kong:3.4.2'
      imageID: ''
      started: false
  qosClass: Burstable
  # podIP and hostIP are identical, which is the visible effect of
  # hostNetwork: true in the spec.
  podIPs:
    - ip: 88.99.80.124
  podIP: 88.99.80.124
  hostIP: 88.99.80.124
  startTime: '2024-07-25T13:39:05Z'
  initContainerStatuses:
    - restartCount: 0
      started: true
      ready: false
      name: kuma-validation
      state:
        running:
          startedAt: '2024-07-25T13:39:06Z'
      imageID: de76246733e22b764fd3f6b84d7619c07acf8cc03333a079ba1695392a355423
      image: 'docker.io/kumahq/kuma-init:2.8.1'
      lastState: {}
      containerID: 'cri-o://c997391b168d95586348d826b71cce68aac58db1765c2ce9cfe803c81cd3bfb6'
  conditions:
    - type: Initialized
      status: 'False'
      lastProbeTime: null
      lastTransitionTime: '2024-07-25T13:39:05Z'
      reason: ContainersNotInitialized
      message: 'containers with incomplete status: [kuma-validation]'
    - type: Ready
      status: 'False'
      lastProbeTime: null
      lastTransitionTime: '2024-07-25T13:39:05Z'
      reason: ContainersNotReady
      message: 'containers with unready status: [kuma-sidecar proxy ingress-controller]'
    - type: ContainersReady
      status: 'False'
      lastProbeTime: null
      lastTransitionTime: '2024-07-25T13:39:05Z'
      reason: ContainersNotReady
      message: 'containers with unready status: [kuma-sidecar proxy ingress-controller]'
    - type: PodScheduled
      status: 'True'
      lastProbeTime: null
      lastTransitionTime: '2024-07-25T13:39:05Z'
  phase: Pending