Created
March 6, 2022 14:26
-
-
Save ysyukr/48a4db1e047f506fd61bf559b4da165d to your computer and use it in GitHub Desktop.
Kong Gateway - 2.7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source: kong/templates/service-account.yaml | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: chart-1646575860-kong | |
| namespace: kong | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| --- | |
| # Source: kong/templates/controller-rbac-resources.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| name: chart-1646575860-kong | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - endpoints | |
| verbs: | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - endpoints/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes | |
| verbs: | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - secrets | |
| verbs: | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - secrets/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - services | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - services/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongclusterplugins | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongclusterplugins/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongconsumers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongconsumers/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongingresses/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongplugins | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - kongplugins/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - tcpingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - tcpingresses/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - udpingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - configuration.konghq.com | |
| resources: | |
| - udpingresses/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - ingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - ingresses/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - gateway.networking.k8s.io | |
| resources: | |
| - gatewayclasses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - gateway.networking.k8s.io | |
| resources: | |
| - gatewayclasses/status | |
| verbs: | |
| - get | |
| - update | |
| - apiGroups: | |
| - gateway.networking.k8s.io | |
| resources: | |
| - gateways | |
| verbs: | |
| - get | |
| - list | |
| - update | |
| - watch | |
| - apiGroups: | |
| - gateway.networking.k8s.io | |
| resources: | |
| - gateways/status | |
| verbs: | |
| - get | |
| - update | |
| - apiGroups: | |
| - gateway.networking.k8s.io | |
| resources: | |
| - httproutes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - gateway.networking.k8s.io | |
| resources: | |
| - httproutes/status | |
| verbs: | |
| - get | |
| - update | |
| - apiGroups: | |
| - networking.internal.knative.dev | |
| resources: | |
| - ingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - networking.internal.knative.dev | |
| resources: | |
| - ingresses/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| - apiGroups: | |
| - networking.k8s.io | |
| resources: | |
| - ingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - networking.k8s.io | |
| resources: | |
| - ingresses/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| --- | |
| # Source: kong/templates/controller-rbac-resources.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: chart-1646575860-kong | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: chart-1646575860-kong | |
| subjects: | |
| - kind: ServiceAccount | |
| name: chart-1646575860-kong | |
| namespace: kong | |
| --- | |
| # Source: kong/templates/controller-rbac-resources.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: chart-1646575860-kong | |
| namespace: kong | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| - pods | |
| - secrets | |
| - namespaces | |
| verbs: | |
| - get | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| resourceNames: | |
| # Defaults to "<election-id>-<ingress-class>" | |
| # Here: "<kong-ingress-controller-leader-nginx>-<nginx>" | |
| # This has to be adapted if you change either parameter | |
| # when launching the nginx-ingress-controller. | |
| - "kong-ingress-controller-leader-kong-kong" | |
| verbs: | |
| - get | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - endpoints | |
| verbs: | |
| - get | |
| # Begin KIC 2.x leader permissions | |
| - apiGroups: | |
| - "" | |
| - coordination.k8s.io | |
| resources: | |
| - configmaps | |
| - leases | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - services | |
| - endpoints | |
| verbs: | |
| - get | |
| --- | |
| # Source: kong/templates/controller-rbac-resources.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: chart-1646575860-kong | |
| namespace: kong | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: chart-1646575860-kong | |
| subjects: | |
| - kind: ServiceAccount | |
| name: chart-1646575860-kong | |
| namespace: kong | |
| --- | |
| # Source: kong/templates/service-kong-proxy.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: chart-1646575860-kong-proxy | |
| namespace: kong | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| enable-metrics: "true" | |
| spec: | |
| type: LoadBalancer | |
| ports: | |
| - name: kong-proxy | |
| port: 80 | |
| targetPort: 8000 | |
| appProtocol: http | |
| protocol: TCP | |
| - name: kong-proxy-tls | |
| port: 443 | |
| targetPort: 8443 | |
| appProtocol: https | |
| protocol: TCP | |
| selector: | |
| app.kubernetes.io/name: kong | |
| app.kubernetes.io/component: app | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| --- | |
| # Source: kong/templates/deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: chart-1646575860-kong | |
| namespace: kong | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| app.kubernetes.io/component: app | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/name: kong | |
| app.kubernetes.io/component: app | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| template: | |
| metadata: | |
| annotations: | |
| kuma.io/gateway: "enabled" | |
| traffic.sidecar.istio.io/includeInboundPorts: "" | |
| labels: | |
| app.kubernetes.io/name: kong | |
| helm.sh/chart: kong-2.7.0 | |
| app.kubernetes.io/instance: "chart-1646575860" | |
| app.kubernetes.io/managed-by: "Helm" | |
| app.kubernetes.io/version: "2.7" | |
| app.kubernetes.io/component: app | |
| app: chart-1646575860-kong | |
| version: "2.7" | |
| spec: | |
| serviceAccountName: chart-1646575860-kong | |
| automountServiceAccountToken: true | |
| initContainers: | |
| - name: clear-stale-pid | |
| image: kong:2.7 | |
| imagePullPolicy: IfNotPresent | |
| securityContext: | |
| {} | |
| resources: | |
| {} | |
| command: | |
| - "rm" | |
| - "-vrf" | |
| - "$KONG_PREFIX/pids" | |
| env: | |
| - name: KONG_ADMIN_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_ADMIN_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_ADMIN_GUI_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_ADMIN_GUI_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_ADMIN_LISTEN | |
| value: "127.0.0.1:8444 http2 ssl" | |
| - name: KONG_CLUSTER_LISTEN | |
| value: "off" | |
| - name: KONG_DATABASE | |
| value: "off" | |
| - name: KONG_KIC | |
| value: "on" | |
| - name: KONG_LUA_PACKAGE_PATH | |
| value: "/opt/?.lua;/opt/?/init.lua;;" | |
| - name: KONG_NGINX_WORKER_PROCESSES | |
| value: "2" | |
| - name: KONG_PLUGINS | |
| value: "bundled" | |
| - name: KONG_PORTAL_API_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_PORTAL_API_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_PORT_MAPS | |
| value: "80:8000, 443:8443" | |
| - name: KONG_PREFIX | |
| value: "/kong_prefix/" | |
| - name: KONG_PROXY_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_PROXY_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_PROXY_LISTEN | |
| value: "0.0.0.0:8000, 0.0.0.0:8443 http2 ssl" | |
| - name: KONG_STATUS_LISTEN | |
| value: "0.0.0.0:8100" | |
| - name: KONG_STREAM_LISTEN | |
| value: "off" | |
| volumeMounts: | |
| - name: chart-1646575860-kong-prefix-dir | |
| mountPath: /kong_prefix/ | |
| - name: chart-1646575860-kong-tmp | |
| mountPath: /tmp | |
| containers: | |
| - name: ingress-controller | |
| securityContext: | |
| {} | |
| args: | |
| ports: | |
| - name: cmetrics | |
| containerPort: 10255 | |
| protocol: TCP | |
| env: | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.name | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.namespace | |
| - name: CONTROLLER_ELECTION_ID | |
| value: "kong-ingress-controller-leader-kong" | |
| - name: CONTROLLER_INGRESS_CLASS | |
| value: "kong" | |
| - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY | |
| value: "true" | |
| - name: CONTROLLER_KONG_ADMIN_URL | |
| value: "https://localhost:8444" | |
| - name: CONTROLLER_PUBLISH_SERVICE | |
| value: "kong/chart-1646575860-kong-proxy" | |
| image: kong/kubernetes-ingress-controller:2.2 | |
| imagePullPolicy: IfNotPresent | |
| readinessProbe: | |
| failureThreshold: 3 | |
| httpGet: | |
| path: /healthz | |
| port: 10254 | |
| scheme: HTTP | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 5 | |
| livenessProbe: | |
| failureThreshold: 3 | |
| httpGet: | |
| path: /healthz | |
| port: 10254 | |
| scheme: HTTP | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 5 | |
| resources: | |
| {} | |
| - name: "proxy" | |
| image: kong:2.7 | |
| imagePullPolicy: IfNotPresent | |
| securityContext: | |
| {} | |
| env: | |
| - name: KONG_ADMIN_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_ADMIN_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_ADMIN_GUI_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_ADMIN_GUI_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_ADMIN_LISTEN | |
| value: "127.0.0.1:8444 http2 ssl" | |
| - name: KONG_CLUSTER_LISTEN | |
| value: "off" | |
| - name: KONG_DATABASE | |
| value: "off" | |
| - name: KONG_KIC | |
| value: "on" | |
| - name: KONG_LUA_PACKAGE_PATH | |
| value: "/opt/?.lua;/opt/?/init.lua;;" | |
| - name: KONG_NGINX_WORKER_PROCESSES | |
| value: "2" | |
| - name: KONG_PLUGINS | |
| value: "bundled" | |
| - name: KONG_PORTAL_API_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_PORTAL_API_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_PORT_MAPS | |
| value: "80:8000, 443:8443" | |
| - name: KONG_PREFIX | |
| value: "/kong_prefix/" | |
| - name: KONG_PROXY_ACCESS_LOG | |
| value: "/dev/stdout" | |
| - name: KONG_PROXY_ERROR_LOG | |
| value: "/dev/stderr" | |
| - name: KONG_PROXY_LISTEN | |
| value: "0.0.0.0:8000, 0.0.0.0:8443 http2 ssl" | |
| - name: KONG_STATUS_LISTEN | |
| value: "0.0.0.0:8100" | |
| - name: KONG_STREAM_LISTEN | |
| value: "off" | |
| - name: KONG_NGINX_DAEMON | |
| value: "off" | |
| lifecycle: | |
| preStop: | |
| exec: | |
| command: | |
| - kong | |
| - quit | |
| - --wait=15 | |
| ports: | |
| - name: proxy | |
| containerPort: 8000 | |
| protocol: TCP | |
| - name: proxy-tls | |
| containerPort: 8443 | |
| protocol: TCP | |
| - name: status | |
| containerPort: 8100 | |
| protocol: TCP | |
| volumeMounts: | |
| - name: chart-1646575860-kong-prefix-dir | |
| mountPath: /kong_prefix/ | |
| - name: chart-1646575860-kong-tmp | |
| mountPath: /tmp | |
| readinessProbe: | |
| failureThreshold: 3 | |
| httpGet: | |
| path: /status | |
| port: status | |
| scheme: HTTP | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 5 | |
| livenessProbe: | |
| failureThreshold: 3 | |
| httpGet: | |
| path: /status | |
| port: status | |
| scheme: HTTP | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| timeoutSeconds: 5 | |
| resources: | |
| {} | |
| securityContext: | |
| {} | |
| terminationGracePeriodSeconds: 30 | |
| tolerations: | |
| [] | |
| volumes: | |
| - name: chart-1646575860-kong-prefix-dir | |
| emptyDir: {} | |
| - name: chart-1646575860-kong-tmp | |
| emptyDir: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment