
@robincher
Created April 5, 2024 00:11
TAL-Sample-Kong-CP
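# Kong Gateway (Enterprise) image used for the control plane.
image:
  repository: kong/kong-gateway
  # Quoted so the dotted version is always read as a string. Pinning an exact
  # release keeps rollouts reproducible; review it against vendor advisories
  # when upgrading.
  tag: "3.4.3.5"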
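env:
  # Kong settings to override; reference:
  # https://github.com/Kong/kong/blob/master/kong.conf.default
  prefix: /kong_prefix/
  role: control_plane
  # Log output level: https://docs.konghq.com/gateway/latest/configure/logging/
  log_level: warn
  # On Kubernetes, set nginx_worker_processes to one or two less than the
  # worker node CPUs.
  nginx_worker_processes: "1"
  proxy_access_log: /dev/stdout
  admin_access_log: /dev/stdout
  admin_gui_access_log: /dev/stdout
  proxy_error_log: /dev/stderr
  admin_error_log: /dev/stderr
  admin_gui_error_log: /dev/stderr
  portal_api_access_log: /dev/stdout
  portal_api_error_log: /dev/stderr
  database: postgres
  # Variables to set if you are using an external Postgres database.
  pg_host: kong-db-postgresql.kong.svc.cluster.local
  pg_port: 5432
  pg_user: konger
  pg_database: kong  # Pre-create in RDS first
  # The database password is read from a Kubernetes Secret rather than being
  # written into this values file.
  pg_password:
    valueFrom:
      secretKeyRef:
        name: kong-db-password  # CHANGEME
        key: postgresql-password  # CHANGEME
  # NOTE(review): kong.conf.default describes this setting as a list of
  # instrumentation names (for example `off`, `request`, `all`); `true` is not
  # one of the documented values - confirm the intended setting.
  tracing_instrumentations: true
  tracing_sampling_rate: 0.2
  # Any custom plugins you built
  plugins: bundled

  ## Admin Configuration ##
  # FQDN for your Admin API route; set it if you already created an entry in
  # Route 53 (recommended approach), e.g. admin.kong.dev.customer.com.
  # The scheme is https because this file disables the plaintext Admin API
  # listener (admin.http.enabled: false) and serves TLS on 8444. With
  # basic-auth in use, credentials must not travel over plain HTTP.
  admin_api_uri: https://somewhere:8444
  # FQDN for your admin GUI (Kong Manager) route; set it if you already created
  # an entry in Route 53 (recommended approach), e.g.
  # manager.kong.dev.customer.com.
  # https for the same reason: manager.http.enabled is false in this file.
  # NOTE(review): 8444 is the Admin API port configured under admin.tls; Kong
  # Manager is normally published on its own service port - confirm the port.
  admin_gui_url: https://somewhere:8444

  ### TLS Settings ###
  # Hybrid mode communication requirement. The certificate and key are mounted
  # from the kong-cluster-cert Secret listed under secretVolumes.
  cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
  cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key
  # `shared` means the control plane and every data plane present this same
  # certificate/key pair, so the private key exists on every node. Kong also
  # offers a `pki` mode with per-node certificates; consider it where data
  # planes run in less-trusted environments.
  cluster_mtls: shared
  # Quoted so the value stays Kong's on/off string instead of being converted
  # to a YAML boolean.
  portal: "off"
  # Default Super Admin password, read from a Kubernetes Secret.
  password:
    valueFrom:
      secretKeyRef:
        name: kong-enterprise-superuser-password
        key: password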
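# Hybrid-mode cluster listener that data planes connect to.
cluster:
  enabled: true
  # ClusterIP keeps this listener reachable only from inside the cluster.
  type: ClusterIP
  tls:
    enabled: true
    servicePort: 8005
    containerPort: 8005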
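# Hybrid-mode telemetry listener.
clustertelemetry:
  enabled: true
  # Set to ClusterIP if both CP and DP sit in the same cluster.
  type: ClusterIP
  tls:
    enabled: true
    servicePort: 8006
    containerPort: 8006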
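# Kubernetes Service for the Kong Admin API.
admin:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # "false" requests an internet-facing load balancer, which puts the Admin
    # API on the public internet with RBAC as the only gate. Set to "true" for
    # an internal load balancer unless public reachability is a hard
    # requirement, and restrict the allowed source addresses either way.
    service.beta.kubernetes.io/aws-load-balancer-internal: "false"
  http:
    # Enable plaintext HTTP listen for the admin API.
    # Disabling this and using a TLS listen only is recommended for most
    # configurations.
    enabled: false
  tls:
    # Enable HTTPS listen for the admin API
    enabled: true
    servicePort: 8444
    containerPort: 8444
    parameters:
      - http2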
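proxy:
  # Enable creating a Kubernetes service for the proxy.
  # Left off here: this release runs with role control_plane.
  enabled: false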
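# Secrets mounted into the Kong container. kong-cluster-cert provides the
# tls.crt / tls.key files that env.cluster_cert and env.cluster_cert_key
# point at under /etc/secrets/kong-cluster-cert/.
secretVolumes:
  - kong-cluster-cert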
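enterprise:
  enabled: true
  # CHANGEME: https://github.com/Kong/charts/blob/main/charts/kong/README.md#kong-enterprise-license
  license_secret: kong-enterprise-license
  vitals:
    enabled: true
  # NOTE(review): the portal is enabled here, but this file also sets
  # env.portal to off and disables the portal and portalapi services -
  # confirm which of the two is intended.
  portal:
    enabled: true
  rbac:
    # RBAC is what authenticates Admin API and Kong Manager users; keep it
    # enabled while the admin and manager services sit behind load balancers.
    enabled: true
    admin_gui_auth: basic-auth
    # Both settings below name the same Secret, so that Secret has to carry
    # the keys each of them expects - verify against the chart README.
    session_conf_secret: kong-session-config
    admin_gui_auth_conf_secret: kong-session-config
  smtp:
    enabled: false
    # portal_emails_from: none@example.com
    # portal_emails_reply_to: none@example.com
    # admin_emails_from: none@example.com
    # admin_emails_reply_to: none@example.com
    # smtp_admin_emails: none@example.com
    # smtp_host: smtp.example.com
    # smtp_port: 587
    # smtp_auth_type: ''
    # smtp_ssl: nil
    # smtp_starttls: true
    # auth:
    #   # If your SMTP server does not require authentication, this section can
    #   # be left as-is. If smtp_username is set to anything other than an empty
    #   # string, you must create a Secret with an smtp_password key containing
    #   # your SMTP password and specify its name here.
    #   smtp_username: ''  # e.g. postmaster@example.com
    #   smtp_password_secret: CHANGEME-smtp-password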
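# Kubernetes Service for Kong Manager (the admin GUI).
manager:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # "false" requests an internet-facing load balancer, so the Kong Manager
    # login page is reachable from the public internet. Set to "true" for an
    # internal load balancer unless public reachability is a hard requirement.
    service.beta.kubernetes.io/aws-load-balancer-internal: "false"
  http:
    # Plaintext listener disabled, so the basic-auth login is never sent over
    # plain HTTP.
    enabled: false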
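# Developer Portal services. Written as a canonical boolean: `off` is only a
# boolean under YAML 1.1 rules and is read as a string by stricter parsers.
portal:
  enabled: false  # Set to true if required
portalapi:
  enabled: false  # Set to true if required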
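# Bundled PostgreSQL sub-chart.
postgresql:
  enabled: false  # Set to false if using remote RDS
  # auth:
  #   username: kong
  #   database: kong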
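# -----------------------------------------------------------------------------
# Configure cert-manager integration
# -----------------------------------------------------------------------------
# Disabled here; the hybrid-mode certificate is supplied through the
# kong-cluster-cert Secret instead.
certificates:
  enabled: false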
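# Enable/disable migration jobs, and set annotations for them
migrations:
  # Enable pre-upgrade migrations (run "kong migrations up")
  preUpgrade: true
  # Enable post-upgrade migrations (run "kong migrations finish")
  postUpgrade: true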
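# The Kong Ingress Controller is not deployed with this control plane.
ingressController:
  enabled: false
  installCRDs: false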