--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ template "kong.fullname" . }}"
+ labels:
+ app: "{{ template "kong.name" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ component: app
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: app
+ {{- if .Values.updateStrategy }}
+ strategy:
+{{ toYaml .Values.updateStrategy | indent 4 }}
+ {{- end }}
+
+ template:
+ metadata:
+ annotations:
+ {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off" )) }}
+ {{- if .Values.dblessConfig.config }}
+ checksum/dbless.config: {{ toYaml .Values.dblessConfig.config | sha256sum }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: app
+ spec:
+ {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ serviceAccountName: {{ template "kong.serviceAccountName" . }}
+ {{ end }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if not (eq .Values.env.database "off") }}
+ initContainers:
+ {{- include "kong.wait-for-db" . | nindent 6 }}
+ {{ end }}
+ containers:
+ {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ {{- include "kong.controller-container" . | nindent 6 }}
+ {{ end }}
+ - name: {{ template "kong.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ {{- if not .Values.env.admin_listen }}
+ {{- if .Values.admin.useTLS }}
+ - name: KONG_ADMIN_LISTEN
+ value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl"
+ {{- else }}
+ - name: KONG_ADMIN_LISTEN
+ value: 0.0.0.0:{{ .Values.admin.containerPort }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.env.proxy_listen }}
+ - name: KONG_PROXY_LISTEN
+ value: {{ template "kong.kongProxyListenValue" . }}
+ {{- end }}
+ {{- if and (not .Values.env.admin_gui_listen) (.Values.enterprise.enabled) }}
+ - name: KONG_ADMIN_GUI_LISTEN
+ value: {{ template "kong.kongManagerListenValue" . }}
+ {{- end }}
+ {{- if and (not .Values.env.portal_gui_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }}
+ - name: KONG_PORTAL_GUI_LISTEN
+ value: {{ template "kong.kongPortalListenValue" . }}
+ {{- end }}
+ {{- if and (not .Values.env.portal_api_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }}
+ - name: KONG_PORTAL_API_LISTEN
+ value: {{ template "kong.kongPortalApiListenValue" . }}
+ {{- end }}
+ - name: KONG_NGINX_DAEMON
+ value: "off"
+ {{- if .Values.enterprise.enabled }}
+ {{- if .Values.enterprise.vitals.enabled }}
+ - name: KONG_VITALS
+ value: "on"
+ {{- end }}
+ {{- if .Values.enterprise.portal.enabled }}
+ - name: KONG_PORTAL
+ value: "on"
+ {{- if .Values.enterprise.portal.portal_auth }}
+ - name: KONG_PORTAL_AUTH
+ value: {{ .Values.enterprise.portal.portal_auth }}
+ - name: KONG_PORTAL_SESSION_CONF
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.enterprise.portal.session_conf_secret }}
+ key: portal_session_conf
+ {{- end }}
+ {{- end }}
+ {{- if .Values.enterprise.rbac.enabled }}
+ - name: KONG_ENFORCE_RBAC
+ value: "on"
+ - name: KONG_ADMIN_GUI_AUTH
+ value: {{ .Values.enterprise.rbac.admin_gui_auth | default "basic-auth" }}
+ - name: KONG_ADMIN_GUI_AUTH_CONF
+ value: '{{ toJson .Values.enterprise.rbac.admin_gui_auth_conf }}'
+ - name: KONG_ADMIN_GUI_SESSION_CONF
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.enterprise.rbac.session_conf_secret }}
+ key: admin_gui_session_conf
+ {{- end }}
+ {{- if .Values.enterprise.smtp.enabled }}
+ - name: KONG_PORTAL_EMAILS_FROM
+ value: {{ .Values.enterprise.smtp.portal_emails_from }}
+ - name: KONG_PORTAL_EMAILS_REPLY_TO
+ value: {{ .Values.enterprise.smtp.portal_emails_reply_to }}
+ - name: KONG_ADMIN_EMAILS_FROM
+ value: {{ .Values.enterprise.smtp.admin_emails_from }}
+ - name: KONG_ADMIN_EMAILS_REPLY_TO
+ value: {{ .Values.enterprise.smtp.admin_emails_reply_to }}
+ - name: KONG_SMTP_HOST
+ value: {{ .Values.enterprise.smtp.smtp_host }}
+ - name: KONG_SMTP_PORT
+ value: {{ .Values.enterprise.smtp.smtp_port }}
+ - name: KONG_SMTP_STARTTLS
+ value: {{ .Values.enterprise.smtp.smtp_starttls }}
+ {{- if .Values.enterprise.smtp.auth.smtp_username }}
+ - name: KONG_SMTP_USERNAME
+ value: {{ .Values.enterprise.smtp.auth.smtp_username }}
+ - name: KONG_SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.enterprise.smtp.auth.smtp_password }}
+ key: smtp_password
+ {{- end }}
+ {{- else }}
+ - name: KONG_SMTP_MOCK
+ value: "on"
+ {{- end }}
+ {{- include "kong.license" . | nindent 8 }}
+ {{- end }}
+ - name: KONG_NGINX_HTTP_INCLUDE
+ value: /kong/servers.conf
+ {{- if .Values.postgresql.enabled }}
+ - name: KONG_PG_HOST
+ value: {{ template "kong.postgresql.fullname" . }}
+ - name: KONG_PG_PORT
+ value: "{{ .Values.postgresql.service.port }}"
+ - name: KONG_PG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "kong.postgresql.fullname" . }}
+ key: postgresql-password
+ {{- end }}
+ {{- if .Values.cassandra.enabled }}
+ - name: KONG_CASSANDRA_CONTACT_POINTS
+ value: {{ template "kong.cassandra.fullname" . }}
+ {{- end }}
+ {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ {{- end }}
+ {{- include "kong.env" . | indent 8 }}
+ ports:
+ - name: admin
+ containerPort: {{ .Values.admin.containerPort }}
+ {{- if .Values.admin.hostPort }}
+ hostPort: {{ .Values.admin.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- if .Values.proxy.http.enabled }}
+ - name: proxy
+ containerPort: {{ .Values.proxy.http.containerPort }}
+ {{- if .Values.proxy.http.hostPort }}
+ hostPort: {{ .Values.proxy.http.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.proxy.tls.enabled }}
+ - name: proxy-tls
+ containerPort: {{ .Values.proxy.tls.containerPort }}
+ {{- if .Values.proxy.tls.hostPort }}
+ hostPort: {{ .Values.proxy.tls.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ - name: metrics
+ containerPort: 9542
+ protocol: TCP
+ {{- if .Values.enterprise.enabled }}
+ {{- if .Values.manager.http.enabled }}
+ - name: manager
+ containerPort: {{ .Values.manager.http.containerPort }}
+ {{- if .Values.manager.http.hostPort }}
+ hostPort: {{ .Values.manager.http.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.manager.tls.enabled }}
+ - name: manager-tls
+ containerPort: {{ .Values.manager.tls.containerPort }}
+ {{- if .Values.manager.tls.hostPort }}
+ hostPort: {{ .Values.manager.tls.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.portal.http.enabled }}
+ - name: portal
+ containerPort: {{ .Values.portal.http.containerPort }}
+ {{- if .Values.portal.http.hostPort }}
+ hostPort: {{ .Values.portal.http.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.portal.tls.enabled }}
+ - name: portal-tls
+ containerPort: {{ .Values.portal.tls.containerPort }}
+ {{- if .Values.portal.tls.hostPort }}
+ hostPort: {{ .Values.portal.tls.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.portalapi.http.enabled }}
+ - name: portalapi
+ containerPort: {{ .Values.portalapi.http.containerPort }}
+ {{- if .Values.portalapi.http.hostPort }}
+ hostPort: {{ .Values.portalapi.http.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.portalapi.tls.enabled }}
+ - name: portalapi-tls
+ containerPort: {{ .Values.portalapi.tls.containerPort }}
+ {{- if .Values.portalapi.tls.hostPort }}
+ hostPort: {{ .Values.portalapi.tls.hostPort }}
+ {{- end}}
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - name: custom-nginx-template-volume
+ mountPath: /kong
+ {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ {{- end }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ volumes:
+ - name: custom-nginx-template-volume
+ configMap:
+ name: {{ template "kong.fullname" . }}-default-custom-server-blocks
+{{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ {{- if .Values.dblessConfig.configMap }}
+ name: {{ .Values.dblessConfig.configMap }}
+ {{- else }}
+ name: {{ template "kong.dblessConfig.fullname" . }}
+ {{- end }}
+{{- end }}