Created
March 6, 2022 14:26
-
-
Save ysyukr/48a4db1e047f506fd61bf559b4da165d to your computer and use it in GitHub Desktop.
Kong Gateway - 2.7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Source: kong/templates/service-account.yaml | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: chart-1646575860-kong | |
namespace: kong | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
--- | |
# Source: kong/templates/controller-rbac-resources.yaml | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
name: chart-1646575860-kong | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- endpoints | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- endpoints/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- "" | |
resources: | |
- events | |
verbs: | |
- create | |
- patch | |
- apiGroups: | |
- "" | |
resources: | |
- nodes | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- pods | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- secrets | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- secrets/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- "" | |
resources: | |
- services | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- services/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongclusterplugins | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongclusterplugins/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongconsumers | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongconsumers/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongingresses/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongplugins | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- kongplugins/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- tcpingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- tcpingresses/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- udpingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- configuration.konghq.com | |
resources: | |
- udpingresses/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- extensions | |
resources: | |
- ingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- extensions | |
resources: | |
- ingresses/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- gateway.networking.k8s.io | |
resources: | |
- gatewayclasses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- gateway.networking.k8s.io | |
resources: | |
- gatewayclasses/status | |
verbs: | |
- get | |
- update | |
- apiGroups: | |
- gateway.networking.k8s.io | |
resources: | |
- gateways | |
verbs: | |
- get | |
- list | |
- update | |
- watch | |
- apiGroups: | |
- gateway.networking.k8s.io | |
resources: | |
- gateways/status | |
verbs: | |
- get | |
- update | |
- apiGroups: | |
- gateway.networking.k8s.io | |
resources: | |
- httproutes | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- gateway.networking.k8s.io | |
resources: | |
- httproutes/status | |
verbs: | |
- get | |
- update | |
- apiGroups: | |
- networking.internal.knative.dev | |
resources: | |
- ingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- networking.internal.knative.dev | |
resources: | |
- ingresses/status | |
verbs: | |
- get | |
- patch | |
- update | |
- apiGroups: | |
- networking.k8s.io | |
resources: | |
- ingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- networking.k8s.io | |
resources: | |
- ingresses/status | |
verbs: | |
- get | |
- patch | |
- update | |
--- | |
# Source: kong/templates/controller-rbac-resources.yaml | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: chart-1646575860-kong | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: chart-1646575860-kong | |
subjects: | |
- kind: ServiceAccount | |
name: chart-1646575860-kong | |
namespace: kong | |
--- | |
# Source: kong/templates/controller-rbac-resources.yaml | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
name: chart-1646575860-kong | |
namespace: kong | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
- pods | |
- secrets | |
- namespaces | |
verbs: | |
- get | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
resourceNames: | |
# Defaults to "<election-id>-<ingress-class>" | |
# Here: "<kong-ingress-controller-leader-nginx>-<nginx>" | |
# This has to be adapted if you change either parameter | |
# when launching the nginx-ingress-controller. | |
- "kong-ingress-controller-leader-kong-kong" | |
verbs: | |
- get | |
- update | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
verbs: | |
- create | |
- apiGroups: | |
- "" | |
resources: | |
- endpoints | |
verbs: | |
- get | |
# Begin KIC 2.x leader permissions | |
- apiGroups: | |
- "" | |
- coordination.k8s.io | |
resources: | |
- configmaps | |
- leases | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- apiGroups: | |
- "" | |
resources: | |
- events | |
verbs: | |
- create | |
- patch | |
- apiGroups: | |
- "" | |
resources: | |
- services | |
- endpoints | |
verbs: | |
- get | |
--- | |
# Source: kong/templates/controller-rbac-resources.yaml | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: RoleBinding | |
metadata: | |
name: chart-1646575860-kong | |
namespace: kong | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: chart-1646575860-kong | |
subjects: | |
- kind: ServiceAccount | |
name: chart-1646575860-kong | |
namespace: kong | |
--- | |
# Source: kong/templates/service-kong-proxy.yaml | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: chart-1646575860-kong-proxy | |
namespace: kong | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
enable-metrics: "true" | |
spec: | |
type: LoadBalancer | |
ports: | |
- name: kong-proxy | |
port: 80 | |
targetPort: 8000 | |
appProtocol: http | |
protocol: TCP | |
- name: kong-proxy-tls | |
port: 443 | |
targetPort: 8443 | |
appProtocol: https | |
protocol: TCP | |
selector: | |
app.kubernetes.io/name: kong | |
app.kubernetes.io/component: app | |
app.kubernetes.io/instance: "chart-1646575860" | |
--- | |
# Source: kong/templates/deployment.yaml | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: chart-1646575860-kong | |
namespace: kong | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
app.kubernetes.io/component: app | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
app.kubernetes.io/name: kong | |
app.kubernetes.io/component: app | |
app.kubernetes.io/instance: "chart-1646575860" | |
template: | |
metadata: | |
annotations: | |
kuma.io/gateway: "enabled" | |
traffic.sidecar.istio.io/includeInboundPorts: "" | |
labels: | |
app.kubernetes.io/name: kong | |
helm.sh/chart: kong-2.7.0 | |
app.kubernetes.io/instance: "chart-1646575860" | |
app.kubernetes.io/managed-by: "Helm" | |
app.kubernetes.io/version: "2.7" | |
app.kubernetes.io/component: app | |
app: chart-1646575860-kong | |
version: "2.7" | |
spec: | |
serviceAccountName: chart-1646575860-kong | |
automountServiceAccountToken: true | |
initContainers: | |
- name: clear-stale-pid | |
image: kong:2.7 | |
imagePullPolicy: IfNotPresent | |
securityContext: | |
{} | |
resources: | |
{} | |
command: | |
- "rm" | |
- "-vrf" | |
- "$KONG_PREFIX/pids" | |
env: | |
- name: KONG_ADMIN_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_ADMIN_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_ADMIN_GUI_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_ADMIN_GUI_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_ADMIN_LISTEN | |
value: "127.0.0.1:8444 http2 ssl" | |
- name: KONG_CLUSTER_LISTEN | |
value: "off" | |
- name: KONG_DATABASE | |
value: "off" | |
- name: KONG_KIC | |
value: "on" | |
- name: KONG_LUA_PACKAGE_PATH | |
value: "/opt/?.lua;/opt/?/init.lua;;" | |
- name: KONG_NGINX_WORKER_PROCESSES | |
value: "2" | |
- name: KONG_PLUGINS | |
value: "bundled" | |
- name: KONG_PORTAL_API_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_PORTAL_API_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_PORT_MAPS | |
value: "80:8000, 443:8443" | |
- name: KONG_PREFIX | |
value: "/kong_prefix/" | |
- name: KONG_PROXY_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_PROXY_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_PROXY_LISTEN | |
value: "0.0.0.0:8000, 0.0.0.0:8443 http2 ssl" | |
- name: KONG_STATUS_LISTEN | |
value: "0.0.0.0:8100" | |
- name: KONG_STREAM_LISTEN | |
value: "off" | |
volumeMounts: | |
- name: chart-1646575860-kong-prefix-dir | |
mountPath: /kong_prefix/ | |
- name: chart-1646575860-kong-tmp | |
mountPath: /tmp | |
containers: | |
- name: ingress-controller | |
securityContext: | |
{} | |
args: | |
ports: | |
- name: cmetrics | |
containerPort: 10255 | |
protocol: TCP | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: CONTROLLER_ELECTION_ID | |
value: "kong-ingress-controller-leader-kong" | |
- name: CONTROLLER_INGRESS_CLASS | |
value: "kong" | |
- name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY | |
value: "true" | |
- name: CONTROLLER_KONG_ADMIN_URL | |
value: "https://localhost:8444" | |
- name: CONTROLLER_PUBLISH_SERVICE | |
value: "kong/chart-1646575860-kong-proxy" | |
image: kong/kubernetes-ingress-controller:2.2 | |
imagePullPolicy: IfNotPresent | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthz | |
port: 10254 | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 5 | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthz | |
port: 10254 | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 5 | |
resources: | |
{} | |
- name: "proxy" | |
image: kong:2.7 | |
imagePullPolicy: IfNotPresent | |
securityContext: | |
{} | |
env: | |
- name: KONG_ADMIN_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_ADMIN_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_ADMIN_GUI_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_ADMIN_GUI_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_ADMIN_LISTEN | |
value: "127.0.0.1:8444 http2 ssl" | |
- name: KONG_CLUSTER_LISTEN | |
value: "off" | |
- name: KONG_DATABASE | |
value: "off" | |
- name: KONG_KIC | |
value: "on" | |
- name: KONG_LUA_PACKAGE_PATH | |
value: "/opt/?.lua;/opt/?/init.lua;;" | |
- name: KONG_NGINX_WORKER_PROCESSES | |
value: "2" | |
- name: KONG_PLUGINS | |
value: "bundled" | |
- name: KONG_PORTAL_API_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_PORTAL_API_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_PORT_MAPS | |
value: "80:8000, 443:8443" | |
- name: KONG_PREFIX | |
value: "/kong_prefix/" | |
- name: KONG_PROXY_ACCESS_LOG | |
value: "/dev/stdout" | |
- name: KONG_PROXY_ERROR_LOG | |
value: "/dev/stderr" | |
- name: KONG_PROXY_LISTEN | |
value: "0.0.0.0:8000, 0.0.0.0:8443 http2 ssl" | |
- name: KONG_STATUS_LISTEN | |
value: "0.0.0.0:8100" | |
- name: KONG_STREAM_LISTEN | |
value: "off" | |
- name: KONG_NGINX_DAEMON | |
value: "off" | |
lifecycle: | |
preStop: | |
exec: | |
command: | |
- kong | |
- quit | |
- --wait=15 | |
ports: | |
- name: proxy | |
containerPort: 8000 | |
protocol: TCP | |
- name: proxy-tls | |
containerPort: 8443 | |
protocol: TCP | |
- name: status | |
containerPort: 8100 | |
protocol: TCP | |
volumeMounts: | |
- name: chart-1646575860-kong-prefix-dir | |
mountPath: /kong_prefix/ | |
- name: chart-1646575860-kong-tmp | |
mountPath: /tmp | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /status | |
port: status | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 5 | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /status | |
port: status | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 5 | |
resources: | |
{} | |
securityContext: | |
{} | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
[] | |
volumes: | |
- name: chart-1646575860-kong-prefix-dir | |
emptyDir: {} | |
- name: chart-1646575860-kong-tmp | |
emptyDir: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment