@Bongsakorn
Last active June 17, 2020 06:32
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kong2
  namespace: development
spec:
  revisionHistoryLimit: 0
  replicas: 1
  selector:
    matchLabels:
      app: kong2
  serviceName: kong2
  podManagementPolicy: Parallel
  template:
    metadata:
      labels:
        name: kong2
        app: kong2
    spec:
      affinity:
        # Prefer spreading kong2 pods across different nodes.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - kong2
                topologyKey: kubernetes.io/hostname
      containers:
        - name: kong2
          image: kong:2.0
          # command: ["sh", "-c", "kong migrations up"]
          env:
            # Admin API listens on all interfaces (8001 plain HTTP, 8444 TLS).
            # The Admin API has no authentication of its own by default, so
            # restrict who can reach these ports.
            - name: KONG_ADMIN_LISTEN
              value: "0.0.0.0:8001, 0.0.0.0:8444 ssl"
            - name: KONG_PG_HOST
              value: "<pg_host>"
            - name: KONG_PG_PORT
              value: "<pg_port>"
            # TLS to PostgreSQL, with the server certificate verified against
            # the certificate mounted from the kong2-tls secret.
            - name: KONG_PG_SSL
              value: "on"
            - name: KONG_PG_SSL_VERIFY
              value: "on"
            - name: KONG_LUA_SSL_TRUSTED_CERTIFICATE
              value: /tmp/kong2-tls/pg.crt
            - name: KONG_PROXY_ERROR_LOG
              value: "/dev/stderr"
            - name: KONG_ADMIN_ERROR_LOG
              value: "/dev/stderr"
            - name: KONG_PLUGINS
              value: "bundled"
            - name: KONG_LOG_LEVEL
              value: "debug"
            # Database credentials come from a Secret, not from literals.
            - name: KONG_PG_USER
              valueFrom:
                secretKeyRef:
                  name: postgresql-db-credential
                  key: username
            - name: KONG_PG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgresql-db-credential
                  key: password
            - name: KONG_SSL_CERT
              value: /tmp/kong2-tls/tls.crt
            - name: KONG_SSL_CERT_KEY
              value: /tmp/kong2-tls/tls.key
            - name: KONG_REAL_IP_RECURSIVE
              value: "on"
            - name: KONG_REAL_IP_HEADER
              value: x-forwarded-for
          ports:
            - name: kong2-admin
              containerPort: 8001
              protocol: TCP
            - name: kong2-proxy
              containerPort: 8000
              protocol: TCP
            - name: kong2-proxy-ssl
              containerPort: 8443
              protocol: TCP
            - name: kong2-admin-ssl
              containerPort: 8444
              protocol: TCP
          volumeMounts:
            - mountPath: /tmp/kong2-tls
              name: kong2-tls
      volumes:
        - name: kong2-tls
          secret:
            secretName: kong2-tls
---
apiVersion: v1
kind: Service
metadata:
  name: kong2-admin
  namespace: development
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: kong2-admin
      nodePort: 30012
      port: 8001
      protocol: TCP
      targetPort: 8001
  selector:
    app: kong2
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
  name: kong2-admin-ssl
  namespace: development
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: kong2-admin-ssl
      nodePort: 30013
      port: 8444
      protocol: TCP
      targetPort: 8444
  selector:
    app: kong2
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
  name: kong2-proxy
  namespace: development
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: kong2-proxy
      nodePort: 30010
      port: 8000
      protocol: TCP
      targetPort: 8000
  selector:
    app: kong2
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
  name: kong2-proxy-ssl
  namespace: development
spec:
  ports:
    - nodePort: 30011
      port: 8443
      protocol: TCP
      targetPort: 8443
  selector:
    app: kong2
  sessionAffinity: None
  type: LoadBalancer