+# Custom Kong plugins can be loaded into Kong by mounting the plugin code
+# into the file-system of Kong container.
+# The plugin code should be present in ConfigMap or Secret inside the same
+# namespace as Kong is being installed.
+# The `name` property refers to the name of the ConfigMap or Secret
+# itself, while the pluginName refers to the name of the plugin as it appears
+# in Kong.
+plugins: {}
+ # configMaps:
+ # - pluginName: rewriter
+ # name: kong-plugin-rewriter
+ # secrets:
+ # - pluginName: rewriter
+ # name: kong-plugin-rewriter
+# Inject specified secrets as a volume in Kong Container at path /etc/secrets/{secret-name}/
+# This can be used to override default SSL certificates
+# Example configuration
+# secretVolumes:
+# - kong-proxy-tls
+# - kong-admin-tls
+secretVolumes: []
+
+# Set runMigrations to run Kong migrations
+runMigrations: true
+
+# Kong's configuration for DB-less mode
+# Note: Use this section only if you are deploying Kong in DB-less mode
+# and not as an Ingress Controller.
+dblessConfig:
+ # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml)
+ configMap: ""
+ # Or the configuration is passed in full-text below
+ config:
+ _format_version: "1.1"
+ services:
+ # Example configuration
+ # - name: example.com
+ # url: http://example.com
+ # routes:
+ # - name: example
+ # paths:
+ # - "/example"
+
+# -----------------------------------------------------------------------------
+# Ingress Controller parameters
+# -----------------------------------------------------------------------------
+
+# Kong Ingress Controller's primary purpose is to satisfy Ingress resources
+# created in k8s. It uses CRDs for more fine grained control over routing and
+# for Kong specific configuration.
+ingressController:
+ enabled: true
+ image:
+ repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
+ tag: 0.7.0
+
+ # Specify Kong Ingress Controller configuration via environment variables
+ env: {}
+
+ admissionWebhook:
+ enabled: false
+ failurePolicy: Fail
+ port: 8080
+
+ ingressClass: kong
+
+ rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+ serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+ installCRDs: true
+
+ # general properties
+ livenessProbe:
+ httpGet:
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ resources: {}
+
+# -----------------------------------------------------------------------------
+# Postgres sub-chart parameters
+# -----------------------------------------------------------------------------
+
+# Kong can run without a database or use either Postgres or Cassandra
+# as a backend datatstore for it's configuration.
+# By default, this chart installs Kong without a database.
+
+# If you would like to use a database, there are two options:
+# - (recommended) Deploy and maintain a database and pass the connection
+# details to Kong via the `env` section.
+# - You can use the below `postgresql` sub-chart to deploy a database
+# along-with Kong as part of a single Helm release.
+
+# PostgreSQL chart documentation:
+# https://github.com/helm/charts/blob/master/stable/postgresql/README.md
+
+postgresql:
+ enabled: false
+ # postgresqlUsername: kong
+ # postgresqlDatabase: kong
+ # service:
+ # port: 5432
+
+# -----------------------------------------------------------------------------
+# Miscellaneous parameters
+# -----------------------------------------------------------------------------
+
+waitImage:
+ repository: busybox
+ tag: latest
+ pullPolicy: IfNotPresent
+
+# update strategy
+updateStrategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: "100%"
+ # maxUnavailable: "0%"
+
+# If you want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# readinessProbe for Kong pods
+# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
+readinessProbe:
+ httpGet:
+ path: "/status"
+ port: metrics
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+# livenessProbe for Kong pods
+livenessProbe:
+ httpGet:
+ path: "/status"
+ port: metrics
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Annotation to be added to Kong pods
+podAnnotations: {}
+
+# Kong pod count
+replicaCount: 1
+
+# Kong Pod Disruption Budget
+podDisruptionBudget:
+ enabled: false
+ maxUnavailable: "50%"
+
+podSecurityPolicy:
+ enabled: false
+
+# securityContext for Kong pods.
+securityContext:
+ runAsUser: 1000
+
+serviceMonitor:
+ # Specifies whether ServiceMonitor for Prometheus operator should be created
+ enabled: false
+ # interval: 10s
+ # Specifies namespace, where ServiceMonitor should be installed
+ # namespace: monitoring
+ # labels:
+ # foo: bar
+
+# -----------------------------------------------------------------------------
+# Kong Enterprise parameters
+# -----------------------------------------------------------------------------
+
+# Toggle Kong Enterprise features on or off
+# RBAC and SMTP configuration have additional options that must all be set together
+# Other settings should be added to the "env" settings below
+enterprise:
+ enabled: false
+ # Kong Enterprise license secret name
+ # This secret must contain a single 'license' key, containing your base64-encoded license data
+ # The license secret is required for all Kong Enterprise deployments
+ license_secret: you-must-create-a-kong-license-secret
+ # Session configuration secret
+ # The session conf secret is required if using RBAC or the Portal
+ vitals:
+ enabled: true
+ portal:
+ enabled: false
+ # portal_auth here sets the default authentication mechanism for the Portal
+ # FIXME This can be changed per-workspace, but must currently default to
+ # basic-auth to work around limitations with session configuration
+ portal_auth: basic-auth
+ # If the Portal is enabled and any workspace's Portal uses authentication,
+ # this Secret must contain an portal_session_conf key
+ # The key value must be a secret configuration, following the example at
+ # https://docs.konghq.com/enterprise/latest/developer-portal/configuration/authentication/sessions
+ session_conf_secret: you-must-create-a-portal-session-conf-secret
+ rbac:
+ enabled: false
+ admin_gui_auth: basic-auth
+ # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key
+ # The key value must be a secret configuration, following the example at
+ # https://docs.konghq.com/enterprise/latest/kong-manager/authentication/sessions
+ session_conf_secret: you-must-create-an-rbac-session-conf-secret
+ # If admin_gui_auth is not set to basic-auth, provide a secret name which
+ # has an admin_gui_auth_conf key containing the plugin config JSON
+ admin_gui_auth_conf_secret: you-must-create-an-admin-gui-auth-conf-secret
+ # For configuring emails and SMTP, please read through:
+ # https://docs.konghq.com/enterprise/latest/developer-portal/configuration/smtp
+ # https://docs.konghq.com/enterprise/latest/kong-manager/networking/email
+ smtp:
+ enabled: false
+ portal_emails_from: none@example.com
+ portal_emails_reply_to: none@example.com
+ admin_emails_from: none@example.com
+ admin_emails_reply_to: none@example.com
+ smtp_admin_emails: none@example.com
+ smtp_host: smtp.example.com
+ smtp_port: 587
+ smtp_starttls: true
+ auth:
+ # If your SMTP server does not require authentication, this section can
+ # be left as-is. If smtp_username is set to anything other than an empty
+ # string, you must create a Secret with an smtp_password key containing
+ # your SMTP password and specify its name here.
+ smtp_username: '' # e.g. postmaster@example.com
+ smtp_password_secret: you-must-create-an-smtp-password
+