Kong Enterprise Stand-Alone with Flux
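---
# Flux source: the Helm repository the Kong chart is pulled from.
# Flux re-fetches the repository index every `interval`.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: kong
  namespace: flux-system
spec:
  interval: 30m
  url: https://charts.konghq.com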
---
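# Flux HelmRelease that installs Kong Gateway Enterprise (proxy, Admin API,
# Kong Manager, Dev Portal, ingress controller) backed by the chart's bundled
# PostgreSQL. Secrets referenced below (kong-proxy-secret,
# kong-enterprise-license, kong-enterprise-superuser-password,
# kong-session-config) must already exist in the `kong` namespace.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: kong
  namespace: kong
spec:
  # Reconciliation interval; the v2beta1 HelmRelease spec expects this field.
  # 30m mirrors the HelmRepository interval used for the chart source.
  interval: 30m
  chart:
    spec:
      chart: kong
      sourceRef:
        kind: HelmRepository
        name: kong
        namespace: flux-system
      # NOTE(review): open-ended range - Flux will move to any newer chart
      # release, including new major versions, without a Git change. Pin an
      # exact version or add an upper bound once a tested version is known.
      version: ">=2.8.0"
  install:
    remediation:
      retries: 3
  values:
    image:
      repository: kong/kong-gateway
      # NOTE(review): "2.8" is a moving tag; pin a full patch version or an
      # image digest so the deployed gateway image is reproducible.
      tag: "2.8"
    env:
      prefix: /kong_prefix/
      # Logs Output
      nginx_worker_processes: "1"
      proxy_access_log: /dev/stdout
      admin_access_log: /dev/stdout
      admin_gui_access_log: /dev/stdout
      portal_api_access_log: /dev/stdout
      proxy_error_log: /dev/stderr
      admin_error_log: /dev/stderr
      admin_gui_error_log: /dev/stderr
      portal_api_error_log: /dev/stderr
      database: postgres
      ## Variables to set if you are using external Postgres Database
      # pg_host: ${db_host} # "kong-db-postgresql.kong.svc.cluster.local"
      # pg_port: ${db_port} # 5044 typically
      # pg_user: ${db_username}
      # pg_password:
      #   valueFrom:
      #     secretKeyRef:
      #       name: kong-db-password #CHANGEME
      #       key: postgresql-password #CHANGEME
      # NOTE(review): "off" sends database traffic (including credentials)
      # unencrypted and skips server certificate checks; for an external
      # database set both to "on".
      # pg_ssl: "off"
      # pg_ssl_verify: "off"
      # Proxy Secret Key pair
      ssl_cert: /etc/secrets/kong-proxy-secret/tls.crt
      ssl_cert_key: /etc/secrets/kong-proxy-secret/tls.key
      # Admin
      admin_api_uri: https://admin.schoo.dev
      admin_gui_url: https://manager.schoo.dev
      # Portal
      portal_gui_protocol: https
      portal_api_url: https://portalapi.schoo.dev
      portal_gui_host: portal.schoo.dev
      portal_auth: basic-auth
      # Dev Portal session settings.
      # - "secret" signs the session cookie: "xxxx" is a placeholder. Use a
      #   long random value and source this whole setting from a Kubernetes
      #   Secret (valueFrom/secretKeyRef, as done for `password` below) so it
      #   is not committed to the GitOps repository.
      # - cookie_secure is true because the portal is served over HTTPS
      #   (portal_gui_protocol: https); the cookie is then never sent over
      #   plain HTTP.
      # - NOTE(review): cookie_samesite "off" and a cookie_domain covering
      #   all of .schoo.dev widen where the session cookie is sent (the admin
      #   and manager hosts share that domain). Tighten both if the portal
      #   GUI and portal API can work with a stricter setting - confirm.
      portal_session_conf: '{ "cookie_name":"portal_session","secret":"xxxx","storage":"kong", "cookie_secure": true, "cookie_domain": ".schoo.dev", "cookie_samesite": "off"}'
      # Quoted so the YAML parser keeps the string instead of a boolean.
      portal: "on"
      password: # Set Super Admin Password
        valueFrom:
          secretKeyRef:
            name: kong-enterprise-superuser-password
            key: password
    admin:
      enabled: true
      # NOTE(review): no service `type` is set here, so the chart default
      # applies. Confirm it does not publish the Admin API outside the
      # cluster (NodePort/LoadBalancer) in addition to the ingress below.
      annotations:
        konghq.com/protocol: "https"
      tls:
        # Enable HTTPS listen for the admin API
        enabled: true
        servicePort: 8444
        containerPort: 8444
        # Set a target port for the TLS port in the admin API service, useful when using TLS
        # termination on an ELB.
        # overrideServiceTargetPort: 8000
        # Set a nodePort which is available if service type is NodePort
        # nodePort: 32443
        # Additional listen parameters, e.g. "reuseport", "backlog=16384"
        parameters:
          - http2
      http:
        # Enable plaintext HTTP listen for the admin API
        # Disabling this and using a TLS listen only is recommended for most configuration
        # NOTE(review): with RBAC on, admin tokens sent to this listener
        # travel unencrypted; set to false unless something still needs 8001.
        enabled: true
        servicePort: 8001
        containerPort: 8001
        # Set a nodePort which is available if service type is NodePort
        # nodePort: 32080
        # Additional listen parameters, e.g. "reuseport", "backlog=16384"
        parameters: []
      ingress:
        # Publishes the Admin API at admin.schoo.dev. Access control rests on
        # RBAC (enterprise.rbac below) and the super-admin password; restrict
        # source addresses at the ingress or network layer where possible.
        enabled: true
        tls: admin-nyp-dev
        hostname: admin.schoo.dev
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
        ingressClassName: kong
        path: /
    # Specify Kong proxy service configuration
    proxy:
      # Enable creating a Kubernetes service for the proxy
      enabled: true
      type: LoadBalancer
      labels:
        enable-metrics: "true"
      http:
        enabled: true
        servicePort: 80
        containerPort: 8000
        parameters: []
      tls:
        enabled: true
        servicePort: 443
        containerPort: 8443
        parameters:
          - http2
    # Secrets mounted under /etc/secrets/<name>; provides the proxy key pair
    # referenced by env.ssl_cert / env.ssl_cert_key.
    secretVolumes:
      - kong-proxy-secret
    enterprise:
      enabled: true
      # CHANGEME: https://github.com/Kong/charts/blob/main/charts/kong/README.md#kong-enterprise-license
      license_secret: kong-enterprise-license
      vitals:
        enabled: true
      portal:
        enabled: true
      rbac:
        enabled: true
        admin_gui_auth: basic-auth
        session_conf_secret: kong-session-config
        # NOTE(review): same Secret as session_conf_secret. Confirm this is
        # intended - the auth-plugin config and the session config are
        # separate settings and would normally hold different content.
        admin_gui_auth_conf_secret: kong-session-config
      smtp:
        enabled: false
    manager:
      enabled: true
      type: ClusterIP
      annotations:
        konghq.com/protocol: "https"
      http:
        # NOTE(review): plaintext listener kept next to TLS; disable if the
        # ingress only talks HTTPS to this service.
        enabled: true
        servicePort: 8002
        containerPort: 8002
        parameters: []
      tls:
        enabled: true
        servicePort: 8445
        containerPort: 8445
        parameters:
          - http2
      ingress:
        enabled: true
        tls: manager-nyp-dev
        hostname: manager.schoo.dev
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
        ingressClassName: kong
        path: /
      externalIPs: []
    portal:
      enabled: true
      type: ClusterIP
      annotations:
        konghq.com/protocol: "https"
      http:
        # NOTE(review): plaintext listener kept next to TLS; disable if the
        # ingress only talks HTTPS to this service.
        enabled: true
        servicePort: 8003
        containerPort: 8003
        parameters: []
      tls:
        enabled: true
        servicePort: 8446
        containerPort: 8446
        parameters:
          - http2
      ingress:
        enabled: true
        tls: portal-nyp-dev
        hostname: portal.schoo.dev
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
        ingressClassName: kong
        path: /
      externalIPs: []
    # NOTE(review): the portal API service is disabled although
    # env.portal_api_url points at portalapi.schoo.dev - confirm the portal
    # GUI can reach its API in this setup.
    portalapi:
      enabled: false
    # Bundled PostgreSQL sub-chart (used because no external pg_* settings
    # are active above).
    postgresql:
      enabled: true
      auth:
        username: kong
        database: kong
    ingressController:
      enabled: true
      installCRDs: false
      env:
        # The controller authenticates to the Admin API with the super-admin
        # credential. NOTE(review): anyone able to read this Secret or the
        # controller's environment holds full admin rights; consider a
        # dedicated RBAC user token limited to what the controller needs.
        kong_admin_token:
          valueFrom:
            secretKeyRef:
              name: kong-enterprise-superuser-password #CHANGEME
              key: password #CHANGEME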