1 ################################################################################
2 # Copyright (c) 2019 AT&T Intellectual Property. #
4 # Licensed under the Apache License, Version 2.0 (the "License"); #
5 # you may not use this file except in compliance with the License. #
6 # You may obtain a copy of the License at #
8 # http://www.apache.org/licenses/LICENSE-2.0 #
10 # Unless required by applicable law or agreed to in writing, software #
11 # distributed under the License is distributed on an "AS IS" BASIS, #
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
13 # See the License for the specific language governing permissions and #
14 # limitations under the License. #
15 ################################################################################
17 # Default values for kong.
18 # Declare variables to be passed into your templates.
22 # repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
24 pullPolicy: IfNotPresent
25 ## Optionally specify an array of imagePullSecrets.
26 ## Secrets must be manually created in the namespace.
27 ## If using the official Kong Enterprise registry above, you MUST provide a secret.
28 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
31 # - myRegistrKeySecretName
37 # Specify Kong admin and proxy services configurations
39 # If you want to specify annotations for the admin service, uncomment the following
40 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
42 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
44 # HTTPS traffic on the admin port
45 # if set to false also set readinessProbe and livenessProbe httpGet scheme's to 'HTTP'
49 # Kong admin service type
51 # Set a nodePort which is available
53 # Kong admin ingress settings.
55 # Enable/disable exposure using ingress.
58 # tls: kong-admin.example.com-tls
59 # Array of ingress hosts.
61 # Map of ingress annotations.
67 # If you want to specify annotations for the proxy service, uncomment the following
68 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
70 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
72 # HTTP plain-text traffic
77 # Set a nodePort which is available if service type is NodePort
84 # Set a nodePort which is available if service type is NodePort
89 # Kong proxy ingress settings.
91 # Enable/disable exposure using ingress.
94 # tls: kong-proxy.example.com-tls
95 # Array of ingress hosts.
97 # Map of ingress annotations.
105 # If you want to specify annotations for the Manager service, uncomment the following
106 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
108 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
110 # HTTP plain-text traffic
115 # Set a nodePort which is available if service type is NodePort
122 # Set a nodePort which is available if service type is NodePort
127 # Kong proxy ingress settings.
129 # Enable/disable exposure using ingress.
132 # tls: kong-proxy.example.com-tls
133 # Array of ingress hosts.
135 # Map of ingress annotations.
143 # If you want to specify annotations for the Portal service, uncomment the following
144 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
146 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
148 # HTTP plain-text traffic
153 # Set a nodePort which is available if service type is NodePort
160 # Set a nodePort which is available if service type is NodePort
165 # Kong proxy ingress settings.
167 # Enable/disable exposure using ingress.
170 # tls: kong-proxy.example.com-tls
171 # Array of ingress hosts.
173 # Map of ingress annotations.
181 # If you want to specify annotations for the Portal API service, uncomment the following
182 # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
184 # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
186 # HTTP plain-text traffic
191 # Set a nodePort which is available if service type is NodePort
198 # Set a nodePort which is available if service type is NodePort
203 # Kong proxy ingress settings.
205 # Enable/disable exposure using ingress.
208 # tls: kong-proxy.example.com-tls
209 # Array of ingress hosts.
211 # Map of ingress annotations.
218 # Toggle Kong Enterprise features on or off
219 # RBAC and SMTP configuration have additional options that must all be set together
220 # Other settings should be added to the "env" settings below
223 # Kong Enterprise license secret name
224 # This secret must contain a single 'license' key, containing your base64-encoded license data
225 # The license secret is required for all Kong Enterprise deployments
226 license_secret: you-must-create-a-kong-license-secret
227 # Session configuration secret
228 # The session conf secret is required if using RBAC or the Portal
233 # portal_auth here sets the default authentication mechanism for the Portal
234 # FIXME This can be changed per-workspace, but must currently default to
235 # basic-auth to work around limitations with session configuration
236 portal_auth: basic-auth
237 # If the Portal is enabled and any workspace's Portal uses authentication,
238 # this Secret must contain an portal_session_conf key
239 # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
240 session_conf_secret: you-must-create-a-portal-session-conf-secret
243 admin_gui_auth: basic-auth
244 # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key
245 # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
246 session_conf_secret: you-must-create-an-rbac-session-conf-secret
247 # Set to the appropriate plugin config JSON if not using basic-auth
248 admin_gui_auth_conf: {}
251 portal_emails_from: none@example.com
252 portal_emails_reply_to: none@example.com
253 admin_emails_from: none@example.com
254 admin_emails_reply_to: none@example.com
255 smtp_admin_emails: none@example.com
256 smtp_host: smtp.example.com
260 # If your SMTP server does not require authentication, this section can
261 # be left as-is. If smtp_username is set to anything other than an empty
262 # string, you must create a Secret with an smtp_password key containing
263 # your SMTP password and specify its name here.
264 smtp_username: '' # e.g. postmaster@example.com
265 smtp_password_secret: you-must-create-an-smtp-password
267 # Set runMigrations to run Kong migrations
272 # type: RollingUpdate
275 # maxUnavailable: "0%"
277 # Specify Kong configurations
278 # Kong configurations guide https://getkong.org/docs/latest/configuration/
279 # Values here take precedence over values from other sections of values.yaml,
280 # e.g. setting pg_user here will override the value normally set when postgresql.enabled
281 # is set below. In general, you should not set values here if they are set elsewhere.
284 proxy_access_log: /dev/stdout
285 admin_access_log: /dev/stdout
286 admin_gui_access_log: /dev/stdout
287 portal_api_access_log: /dev/stdout
288 proxy_error_log: /dev/stderr
289 admin_error_log: /dev/stderr
290 admin_gui_error_log: /dev/stderr
291 portal_api_error_log: /dev/stderr
293 # If you want to specify resources, uncomment the following
294 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
303 # readinessProbe for Kong pods
304 # If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
310 initialDelaySeconds: 30
316 # livenessProbe for Kong pods
317 # If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
323 initialDelaySeconds: 30
329 # Affinity for pod assignment
330 # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
333 # Tolerations for pod assignment
334 # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
337 # Node labels for pod assignment
338 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
341 # Annotation to be added to Kong pods
347 # Kong Pod Disruption Budget
350 maxUnavailable: "50%"
352 # Kong has a choice of either Postgres or Cassandra as a backend datatstore.
353 # This chart allows you to choose either of them with the `database.type`
354 # parameter. Postgres is chosen by default.
356 # Additionally, this chart allows you to use your own database or spin up a new
357 # instance by using the `postgres.enabled` or `cassandra.enabled` parameters.
358 # Enabling both will create both databases in your cluster, but only one
359 # will be used by Kong based on the `env.database` parameter.
360 # Postgres is enabled by default.
362 # Cassandra chart configs
366 # PostgreSQL chart configs
369 postgresqlUsername: kong
370 postgresqlDatabase: kong
374 # Kong Ingress Controller's primary purpose is to satisfy Ingress resources
375 # created in k8s. It uses CRDs for more fine grained control over routing and
376 # for Kong specific configuration.
380 repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
389 initialDelaySeconds: 30
399 initialDelaySeconds: 30
407 # Specifies whether RBAC resources should be created
411 # Specifies whether a ServiceAccount should be created
413 # The name of the ServiceAccount to use.
414 # If not set and create is true, a name is generated using the fullname template
421 maxUnavailable: "50%"
423 # We pass the dbless (declarative) config over here.
425 # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml)
427 # Or the configuration is passed in full-text below
429 _format_version: "1.1"
431 # Example configuration
432 # - name: example.com
433 # url: http://example.com
440 # Specifies whether ServiceMonitor for Prometheus operator should be created
443 # Specifies namespace, where ServiceMonitor should be installed
444 # namespace: monitoring