1 # Default values for Kong's Helm Chart.
2 # Declare variables to be passed into your templates.
6 # - Ingress Controller parameters
7 # - Postgres sub-chart parameters
8 # - Miscellaneous parameters
9 # - Kong Enterprise parameters
11 # -----------------------------------------------------------------------------
13 # -----------------------------------------------------------------------------
15 # Specify Kong configurations
16 # Kong configurations guide https://docs.konghq.com/latest/configuration
17 # Values here take precedence over values from other sections of values.yaml,
18 # e.g. setting pg_user here will override the value normally set when postgresql.enabled
19 # is set below. In general, you should not set values here if they are set elsewhere.
22 nginx_worker_processes: "1"
23 proxy_access_log: /dev/stdout
24 admin_access_log: /dev/stdout
25 admin_gui_access_log: /dev/stdout
26 portal_api_access_log: /dev/stdout
27 proxy_error_log: /dev/stderr
28 admin_error_log: /dev/stderr
29 admin_gui_error_log: /dev/stderr
30 portal_api_error_log: /dev/stderr
33 # Specify Kong's Docker image and repository details here
36 # repository: kong-docker-kong-enterprise-k8s.bintray.io/kong-enterprise-k8s
37 # repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
39 pullPolicy: IfNotPresent
40 ## Optionally specify an array of imagePullSecrets.
41 ## Secrets must be manually created in the namespace.
42 ## If using the official Kong Enterprise registry above, you MUST provide a secret.
43 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
46 # - myRegistrKeySecretName
48 # Specify Kong admin service configuration
49 # Note: It is recommended to not use the Admin API to configure Kong
50 # when using Kong as an Ingress Controller.
53 # If you want to specify annotations for the admin service, uncomment the following
54 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
56 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
58 # HTTPS traffic on the admin port
59 # if set to false also set readinessProbe and livenessProbe httpGet scheme's to 'HTTP'
63 # Kong admin service type
65 # Set a nodePort which is available
67 # Kong admin ingress settings. Useful if you want to expose the Admin
68 # API of Kong outside the k8s cluster.
70 # Enable/disable exposure using ingress.
73 # tls: kong-admin.example.com-tls
76 # Map of ingress annotations.
81 # Specify Kong proxy service configuration
83 # If you want to specify annotations for the proxy service, uncomment the following
84 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
86 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
88 # HTTP plain-text traffic
93 # Set a nodePort which is available if service type is NodePort
100 # Set a target port for the TLS port in proxy service, useful when using TLS
101 # termination on an ELB.
102 # overrideServiceTargetPort: 8000
103 # Set a nodePort which is available if service type is NodePort
108 # Kong proxy ingress settings.
109 # Note: You need this only if you are using another Ingress Controller
110 # to expose Kong outside the k8s cluster.
112 # Enable/disable exposure using ingress.
115 # TLS section. Unlike other ingresses, this follows the format at
116 # https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
120 # secretName: example1-com-tls-secret
123 # secretName: example2-net-tls-secret
124 # Map of ingress annotations.
131 # Custom Kong plugins can be loaded into Kong by mounting the plugin code
132 # into the file-system of Kong container.
133 # The plugin code should be present in ConfigMap or Secret inside the same
134 # namespace as Kong is being installed.
135 # The `name` property refers to the name of the ConfigMap or Secret
136 # itself, while the pluginName refers to the name of the plugin as it appears
140 # - pluginName: rewriter
141 # name: kong-plugin-rewriter
143 # - pluginName: rewriter
144 # name: kong-plugin-rewriter
145 # Inject specified secrets as a volume in Kong Container at path /etc/secrets/{secret-name}/
146 # This can be used to override default SSL certificates
147 # Example configuration
153 # Set runMigrations to run Kong migrations
156 # Kong's configuration for DB-less mode
157 # Note: Use this section only if you are deploying Kong in DB-less mode
158 # and not as an Ingress Controller.
160 # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml)
162 # Or the configuration is passed in full-text below
164 _format_version: "1.1"
166 # Example configuration
167 # - name: example.com
168 # url: http://example.com
174 # -----------------------------------------------------------------------------
175 # Ingress Controller parameters
176 # -----------------------------------------------------------------------------
178 # Kong Ingress Controller's primary purpose is to satisfy Ingress resources
179 # created in k8s. It uses CRDs for more fine grained control over routing and
180 # for Kong specific configuration.
184 repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
187 # Specify Kong Ingress Controller configuration via environment variables
198 # Specifies whether RBAC resources should be created
202 # Specifies whether a ServiceAccount should be created
204 # The name of the ServiceAccount to use.
205 # If not set and create is true, a name is generated using the fullname template
216 initialDelaySeconds: 5
226 initialDelaySeconds: 5
233 # -----------------------------------------------------------------------------
234 # Postgres sub-chart parameters
235 # -----------------------------------------------------------------------------
237 # Kong can run without a database or use either Postgres or Cassandra
238 # as a backend datatstore for it's configuration.
239 # By default, this chart installs Kong without a database.
241 # If you would like to use a database, there are two options:
242 # - (recommended) Deploy and maintain a database and pass the connection
243 # details to Kong via the `env` section.
244 # - You can use the below `postgresql` sub-chart to deploy a database
245 # along-with Kong as part of a single Helm release.
247 # PostgreSQL chart documentation:
248 # https://github.com/helm/charts/blob/master/stable/postgresql/README.md
252 # postgresqlUsername: kong
253 # postgresqlDatabase: kong
257 # -----------------------------------------------------------------------------
258 # Miscellaneous parameters
259 # -----------------------------------------------------------------------------
264 pullPolicy: IfNotPresent
268 # type: RollingUpdate
271 # maxUnavailable: "0%"
273 # If you want to specify resources, uncomment the following
274 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
283 # readinessProbe for Kong pods
284 # If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
290 initialDelaySeconds: 5
296 # livenessProbe for Kong pods
302 initialDelaySeconds: 5
308 # Affinity for pod assignment
309 # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
312 # Tolerations for pod assignment
313 # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
316 # Node labels for pod assignment
317 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
320 # Annotation to be added to Kong pods
326 # Kong Pod Disruption Budget
329 maxUnavailable: "50%"
334 # securityContext for Kong pods.
339 # Specifies whether ServiceMonitor for Prometheus operator should be created
342 # Specifies namespace, where ServiceMonitor should be installed
343 # namespace: monitoring
347 # -----------------------------------------------------------------------------
348 # Kong Enterprise parameters
349 # -----------------------------------------------------------------------------
351 # Toggle Kong Enterprise features on or off
352 # RBAC and SMTP configuration have additional options that must all be set together
353 # Other settings should be added to the "env" settings below
356 # Kong Enterprise license secret name
357 # This secret must contain a single 'license' key, containing your base64-encoded license data
358 # The license secret is required for all Kong Enterprise deployments
359 license_secret: you-must-create-a-kong-license-secret
360 # Session configuration secret
361 # The session conf secret is required if using RBAC or the Portal
366 # portal_auth here sets the default authentication mechanism for the Portal
367 # FIXME This can be changed per-workspace, but must currently default to
368 # basic-auth to work around limitations with session configuration
369 portal_auth: basic-auth
370 # If the Portal is enabled and any workspace's Portal uses authentication,
371 # this Secret must contain an portal_session_conf key
372 # The key value must be a secret configuration, following the example at
373 # https://docs.konghq.com/enterprise/latest/developer-portal/configuration/authentication/sessions
374 session_conf_secret: you-must-create-a-portal-session-conf-secret
377 admin_gui_auth: basic-auth
378 # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key
379 # The key value must be a secret configuration, following the example at
380 # https://docs.konghq.com/enterprise/latest/kong-manager/authentication/sessions
381 session_conf_secret: you-must-create-an-rbac-session-conf-secret
382 # If admin_gui_auth is not set to basic-auth, provide a secret name which
383 # has an admin_gui_auth_conf key containing the plugin config JSON
384 admin_gui_auth_conf_secret: you-must-create-an-admin-gui-auth-conf-secret
385 # For configuring emails and SMTP, please read through:
386 # https://docs.konghq.com/enterprise/latest/developer-portal/configuration/smtp
387 # https://docs.konghq.com/enterprise/latest/kong-manager/networking/email
390 portal_emails_from: none@example.com
391 portal_emails_reply_to: none@example.com
392 admin_emails_from: none@example.com
393 admin_emails_reply_to: none@example.com
394 smtp_admin_emails: none@example.com
395 smtp_host: smtp.example.com
399 # If your SMTP server does not require authentication, this section can
400 # be left as-is. If smtp_username is set to anything other than an empty
401 # string, you must create a Secret with an smtp_password key containing
402 # your SMTP password and specify its name here.
403 smtp_username: '' # e.g. postmaster@example.com
404 smtp_password_secret: you-must-create-an-smtp-password
407 # If you want to specify annotations for the Manager service, uncomment the following
408 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
410 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
412 # HTTP plain-text traffic
417 # Set a nodePort which is available if service type is NodePort
424 # Set a nodePort which is available if service type is NodePort
429 # Kong proxy ingress settings.
431 # Enable/disable exposure using ingress.
434 # tls: kong-proxy.example.com-tls
437 # Map of ingress annotations.
445 # If you want to specify annotations for the Portal service, uncomment the following
446 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
448 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
450 # HTTP plain-text traffic
455 # Set a nodePort which is available if service type is NodePort
462 # Set a nodePort which is available if service type is NodePort
467 # Kong proxy ingress settings.
469 # Enable/disable exposure using ingress.
472 # tls: kong-proxy.example.com-tls
475 # Map of ingress annotations.
483 # If you want to specify annotations for the Portal API service, uncomment the following
484 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
486 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
488 # HTTP plain-text traffic
493 # Set a nodePort which is available if service type is NodePort
500 # Set a nodePort which is available if service type is NodePort
505 # Kong proxy ingress settings.
507 # Enable/disable exposure using ingress.
510 # tls: kong-proxy.example.com-tls
513 # Map of ingress annotations.