--- /dev/null
+# Default values for kong.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: kong
+ # repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
+ tag: 1.2
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## If using the official Kong Enterprise registry above, you MUST provide a secret.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+waitImage:
+ repository: busybox
+ tag: latest
+
+# Specify Kong admin and proxy services configurations
+admin:
+ # If you want to specify annotations for the admin service, uncomment the following
+ # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
+ annotations: {}
+ # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+
+ # HTTPS traffic on the admin port
+ # if set to false also set readinessProbe and livenessProbe httpGet scheme's to 'HTTP'
+ useTLS: true
+ servicePort: 8444
+ containerPort: 8444
+ # Kong admin service type
+ type: NodePort
+ # Set a nodePort which is available
+ # nodePort: 32444
+ # Kong admin ingress settings.
+ ingress:
+ # Enable/disable exposure using ingress.
+ enabled: false
+ # TLS secret name.
+ # tls: kong-admin.example.com-tls
+ # Array of ingress hosts.
+ hosts: []
+ # Map of ingress annotations.
+ annotations: {}
+ # Ingress path.
+ path: /
+
+proxy:
+ # If you want to specify annotations for the proxy service, uncomment the following
+ # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
+ annotations: {}
+ # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+
+ # HTTP plain-text traffic
+ http:
+ enabled: true
+ servicePort: 80
+ containerPort: 8000
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32080
+
+ tls:
+ enabled: true
+ servicePort: 443
+ containerPort: 8443
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32443
+
+ type: NodePort
+
+ # Kong proxy ingress settings.
+ ingress:
+ # Enable/disable exposure using ingress.
+ enabled: false
+ # TLS secret name.
+ # tls: kong-proxy.example.com-tls
+ # Array of ingress hosts.
+ hosts: []
+ # Map of ingress annotations.
+ annotations: {}
+ # Ingress path.
+ path: /
+
+ externalIPs: []
+
+manager:
+ # If you want to specify annotations for the Manager service, uncomment the following
+ # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
+ annotations: {}
+ # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+
+ # HTTP plain-text traffic
+ http:
+ enabled: true
+ servicePort: 8002
+ containerPort: 8002
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32080
+
+ tls:
+ enabled: true
+ servicePort: 8445
+ containerPort: 8445
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32443
+
+ type: NodePort
+
+ # Kong proxy ingress settings.
+ ingress:
+ # Enable/disable exposure using ingress.
+ enabled: false
+ # TLS secret name.
+ # tls: kong-proxy.example.com-tls
+ # Array of ingress hosts.
+ hosts: []
+ # Map of ingress annotations.
+ annotations: {}
+ # Ingress path.
+ path: /
+
+ externalIPs: []
+
+portal:
+ # If you want to specify annotations for the Portal service, uncomment the following
+ # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
+ annotations: {}
+ # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+
+ # HTTP plain-text traffic
+ http:
+ enabled: true
+ servicePort: 8003
+ containerPort: 8003
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32080
+
+ tls:
+ enabled: true
+ servicePort: 8446
+ containerPort: 8446
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32443
+
+ type: NodePort
+
+ # Kong proxy ingress settings.
+ ingress:
+ # Enable/disable exposure using ingress.
+ enabled: false
+ # TLS secret name.
+ # tls: kong-proxy.example.com-tls
+ # Array of ingress hosts.
+ hosts: []
+ # Map of ingress annotations.
+ annotations: {}
+ # Ingress path.
+ path: /
+
+ externalIPs: []
+
+portalapi:
+ # If you want to specify annotations for the Portal API service, uncomment the following
+ # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'.
+ annotations: {}
+ # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+
+ # HTTP plain-text traffic
+ http:
+ enabled: true
+ servicePort: 8004
+ containerPort: 8004
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32080
+
+ tls:
+ enabled: true
+ servicePort: 8447
+ containerPort: 8447
+ # Set a nodePort which is available if service type is NodePort
+ # nodePort: 32443
+
+ type: NodePort
+
+ # Kong proxy ingress settings.
+ ingress:
+ # Enable/disable exposure using ingress.
+ enabled: false
+ # TLS secret name.
+ # tls: kong-proxy.example.com-tls
+ # Array of ingress hosts.
+ hosts: []
+ # Map of ingress annotations.
+ annotations: {}
+ # Ingress path.
+ path: /
+
+ externalIPs: []
+
+# Toggle Kong Enterprise features on or off
+# RBAC and SMTP configuration have additional options that must all be set together
+# Other settings should be added to the "env" settings below
+enterprise:
+ enabled: false
+ # Kong Enterprise license secret name
+ # This secret must contain a single 'license' key, containing your base64-encoded license data
+ # The license secret is required for all Kong Enterprise deployments
+ license_secret: you-must-create-a-kong-license-secret
+ # Session configuration secret
+ # The session conf secret is required if using RBAC or the Portal
+ vitals:
+ enabled: true
+ portal:
+ enabled: false
+ # portal_auth here sets the default authentication mechanism for the Portal
+ # FIXME This can be changed per-workspace, but must currently default to
+ # basic-auth to work around limitations with session configuration
+ portal_auth: basic-auth
+ # If the Portal is enabled and any workspace's Portal uses authentication,
+ # this Secret must contain an portal_session_conf key
+ # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
+ session_conf_secret: you-must-create-a-portal-session-conf-secret
+ rbac:
+ enabled: false
+ admin_gui_auth: basic-auth
+ # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key
+ # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
+ session_conf_secret: you-must-create-an-rbac-session-conf-secret
+ # Set to the appropriate plugin config JSON if not using basic-auth
+ # admin_gui_auth_conf: ''
+ smtp:
+ enabled: false
+ portal_emails_from: none@example.com
+ portal_emails_reply_to: none@example.com
+ admin_emails_from: none@example.com
+ admin_emails_reply_to: none@example.com
+ smtp_admin_emails: none@example.com
+ smtp_host: smtp.example.com
+ smtp_port: 587
+ smtp_starttls: true
+ auth:
+ # If your SMTP server does not require authentication, this section can
+ # be left as-is. If smtp_username is set to anything other than an empty
+ # string, you must create a Secret with an smtp_password key containing
+ # your SMTP password and specify its name here.
+ smtp_username: '' # e.g. postmaster@example.com
+ smtp_password_secret: you-must-create-an-smtp-password
+
+# Set runMigrations to run Kong migrations
+runMigrations: true
+
+# Specify Kong configurations
+# Kong configurations guide https://getkong.org/docs/latest/configuration/
+env:
+ database: postgres
+ proxy_access_log: /dev/stdout
+ admin_access_log: /dev/stdout
+ admin_gui_access_log: /dev/stdout
+ portal_api_access_log: /dev/stdout
+ proxy_error_log: /dev/stderr
+ admin_error_log: /dev/stderr
+ admin_gui_error_log: /dev/stderr
+ portal_api_error_log: /dev/stderr
+
+# If you want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# readinessProbe for Kong pods
+# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
+readinessProbe:
+ httpGet:
+ path: "/status"
+ port: admin
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+
+# livenessProbe for Kong pods
+# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header
+livenessProbe:
+ httpGet:
+ path: "/status"
+ port: admin
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ periodSeconds: 30
+ successThreshold: 1
+ failureThreshold: 5
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Annotation to be added to Kong pods
+podAnnotations: {}
+
+# Kong pod count
+replicaCount: 1
+
+# Kong has a choice of either Postgres or Cassandra as a backend datatstore.
+# This chart allows you to choose either of them with the `database.type`
+# parameter. Postgres is chosen by default.
+
+# Additionally, this chart allows you to use your own database or spin up a new
+# instance by using the `postgres.enabled` or `cassandra.enabled` parameters.
+# Enabling both will create both databases in your cluster, but only one
+# will be used by Kong based on the `env.database` parameter.
+# Postgres is enabled by default.
+
+# Cassandra chart configs
+cassandra:
+ enabled: false
+
+# PostgreSQL chart configs
+postgresql:
+ enabled: true
+ postgresqlUsername: kong
+ postgresqlDatabase: kong
+ service:
+ port: 5432
+
+# Kong Ingress Controller's primary purpose is to satisfy Ingress resources
+# created in k8s. It uses CRDs for more fine grained control over routing and
+# for Kong specific configuration.
+ingressController:
+ enabled: false
+ image:
+ repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
+ tag: 0.4.0
+ replicaCount: 1
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+
+ installCRDs: true
+
+ rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+ serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+ ingressClass: kong