1 # Default values for kong.
2 # Declare variables to be passed into your templates.
6 # repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
8 pullPolicy: IfNotPresent
9 ## Optionally specify an array of imagePullSecrets.
10 ## Secrets must be manually created in the namespace.
11 ## If using the official Kong Enterprise registry above, you MUST provide a secret.
12 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
15 # - myRegistrKeySecretName
21 # Specify Kong admin and proxy services configurations
23 # If you want to specify annotations for the admin service, uncomment the following
24 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
26 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
28 # HTTPS traffic on the admin port
29 # if set to false also set readinessProbe and livenessProbe httpGet scheme's to 'HTTP'
33 # Kong admin service type
35 # Set a nodePort which is available
37 # Kong admin ingress settings.
39 # Enable/disable exposure using ingress.
42 # tls: kong-admin.example.com-tls
43 # Array of ingress hosts.
45 # Map of ingress annotations.
51 # If you want to specify annotations for the proxy service, uncomment the following
52 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
54 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
56 # HTTP plain-text traffic
61 # Set a nodePort which is available if service type is NodePort
68 # Set a nodePort which is available if service type is NodePort
73 # Kong proxy ingress settings.
75 # Enable/disable exposure using ingress.
78 # tls: kong-proxy.example.com-tls
79 # Array of ingress hosts.
81 # Map of ingress annotations.
89 # If you want to specify annotations for the Manager service, uncomment the following
90 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
92 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
94 # HTTP plain-text traffic
99 # Set a nodePort which is available if service type is NodePort
106 # Set a nodePort which is available if service type is NodePort
111 # Kong proxy ingress settings.
113 # Enable/disable exposure using ingress.
116 # tls: kong-proxy.example.com-tls
117 # Array of ingress hosts.
119 # Map of ingress annotations.
127 # If you want to specify annotations for the Portal service, uncomment the following
128 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
130 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
132 # HTTP plain-text traffic
137 # Set a nodePort which is available if service type is NodePort
144 # Set a nodePort which is available if service type is NodePort
149 # Kong proxy ingress settings.
151 # Enable/disable exposure using ingress.
154 # tls: kong-proxy.example.com-tls
155 # Array of ingress hosts.
157 # Map of ingress annotations.
165 # If you want to specify annotations for the Portal API service, uncomment the following
166 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
168 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
170 # HTTP plain-text traffic
175 # Set a nodePort which is available if service type is NodePort
182 # Set a nodePort which is available if service type is NodePort
187 # Kong proxy ingress settings.
189 # Enable/disable exposure using ingress.
192 # tls: kong-proxy.example.com-tls
193 # Array of ingress hosts.
195 # Map of ingress annotations.
202 # Toggle Kong Enterprise features on or off
203 # RBAC and SMTP configuration have additional options that must all be set together
204 # Other settings should be added to the "env" settings below
207 # Kong Enterprise license secret name
208 # This secret must contain a single 'license' key, containing your base64-encoded license data
209 # The license secret is required for all Kong Enterprise deployments
210 license_secret: you-must-create-a-kong-license-secret
211 # Session configuration secret
212 # The session conf secret is required if using RBAC or the Portal
217 # portal_auth here sets the default authentication mechanism for the Portal
218 # FIXME This can be changed per-workspace, but must currently default to
219 # basic-auth to work around limitations with session configuration
220 portal_auth: basic-auth
221 # If the Portal is enabled and any workspace's Portal uses authentication,
222 # this Secret must contain an portal_session_conf key
223 # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
224 session_conf_secret: you-must-create-a-portal-session-conf-secret
227 admin_gui_auth: basic-auth
228 # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key
229 # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
230 session_conf_secret: you-must-create-an-rbac-session-conf-secret
231 # Set to the appropriate plugin config JSON if not using basic-auth
232 # admin_gui_auth_conf: ''
235 portal_emails_from: none@example.com
236 portal_emails_reply_to: none@example.com
237 admin_emails_from: none@example.com
238 admin_emails_reply_to: none@example.com
239 smtp_admin_emails: none@example.com
240 smtp_host: smtp.example.com
244 # If your SMTP server does not require authentication, this section can
245 # be left as-is. If smtp_username is set to anything other than an empty
246 # string, you must create a Secret with an smtp_password key containing
247 # your SMTP password and specify its name here.
248 smtp_username: '' # e.g. postmaster@example.com
249 smtp_password_secret: you-must-create-an-smtp-password
251 # Set runMigrations to run Kong migrations
254 # Specify Kong configurations
255 # Kong configurations guide https://getkong.org/docs/latest/configuration/
258 proxy_access_log: /dev/stdout
259 admin_access_log: /dev/stdout
260 admin_gui_access_log: /dev/stdout
261 portal_api_access_log: /dev/stdout
262 proxy_error_log: /dev/stderr
263 admin_error_log: /dev/stderr
264 admin_gui_error_log: /dev/stderr
265 portal_api_error_log: /dev/stderr
267 # If you want to specify resources, uncomment the following
268 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
277 # readinessProbe for Kong pods
278 # If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
284 initialDelaySeconds: 30
290 # livenessProbe for Kong pods
291 # If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
297 initialDelaySeconds: 30
303 # Affinity for pod assignment
304 # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
307 # Tolerations for pod assignment
308 # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
311 # Node labels for pod assignment
312 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
315 # Annotation to be added to Kong pods
321 # Kong has a choice of either Postgres or Cassandra as a backend datatstore.
322 # This chart allows you to choose either of them with the `database.type`
323 # parameter. Postgres is chosen by default.
325 # Additionally, this chart allows you to use your own database or spin up a new
326 # instance by using the `postgres.enabled` or `cassandra.enabled` parameters.
327 # Enabling both will create both databases in your cluster, but only one
328 # will be used by Kong based on the `env.database` parameter.
329 # Postgres is enabled by default.
331 # Cassandra chart configs
335 # PostgreSQL chart configs
338 postgresqlUsername: kong
339 postgresqlDatabase: kong
343 # Kong Ingress Controller's primary purpose is to satisfy Ingress resources
344 # created in k8s. It uses CRDs for more fine grained control over routing and
345 # for Kong specific configuration.
349 repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
358 initialDelaySeconds: 30
368 initialDelaySeconds: 30
376 # Specifies whether RBAC resources should be created
380 # Specifies whether a ServiceAccount should be created
382 # The name of the ServiceAccount to use.
383 # If not set and create is true, a name is generated using the fullname template