--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+
+# Default values for Kong's Helm Chart.
+#
+# Sections:
+# - Deployment parameters
+# - Kong parameters
+# - Ingress Controller parameters
+# - Postgres sub-chart parameters
+# - Miscellaneous parameters
+# - Kong Enterprise parameters
+
+# For a detailed example of values.yaml, please see https://github.com/Kong/charts/blob/main/charts/kong/values.yaml
+
+# -----------------------------------------------------------------------------
+# Deployment parameters
+# -----------------------------------------------------------------------------
+
+deployment:
+ kong:
+ enabled: true
+ serviceAccount:
+ create: true
+ automountServiceAccountToken: false
+
+ test:
+ enabled: false
+ daemonset: false
+ hostNetwork: false
+ hostname: ""
+ prefixDir:
+ sizeLimit: 256Mi
+ tmpDir:
+ sizeLimit: 1Gi
+
+# -----------------------------------------------------------------------------
+# Kong parameters
+# -----------------------------------------------------------------------------
+
+env:
+ database: "postgres"
+ router_flavor: "traditional"
+ nginx_worker_processes: "2"
+ proxy_access_log: /dev/stdout
+ admin_access_log: /dev/stdout
+ admin_gui_access_log: /dev/stdout
+ portal_api_access_log: /dev/stdout
+ proxy_error_log: /dev/stderr
+ admin_error_log: /dev/stderr
+ admin_gui_error_log: /dev/stderr
+ portal_api_error_log: /dev/stderr
+ prefix: /kong_prefix/
+
+extraLabels: {}
+
+# Specify Kong's Docker image and repository details here
+image:
+ repository: kong
+ tag: "3.4"
+
+ # Specify a semver version if your image tag is not one (e.g. "nightly")
+ effectiveSemver:
+ pullPolicy: IfNotPresent
+
+# Specify Kong admin API service and listener configuration
+admin:
+ enabled: true
+ type: NodePort
+ loadBalancerClass:
+ annotations: {}
+ labels: {}
+
+ http:
+ # Enable plaintext HTTP listen for the admin API
+ enabled: true
+ servicePort: 8001
+ containerPort: 8001
+ nodePort: 32081
+ parameters: []
+
+ tls:
+ # Enable HTTPS listen for the admin API
+ enabled: true
+ servicePort: 8444
+ containerPort: 8444
+ nodePort: 32443
+ parameters:
+ - http2
+
+ client:
+ caBundle: ""
+ secretName: ""
+
+ # Kong admin ingress settings. Useful if you want to expose the Admin
+ # API of Kong outside the k8s cluster.
+ ingress:
+ # Enable/disable exposure using ingress.
+ enabled: false
+
+# Specify Kong status listener configuration
+status:
+ enabled: true
+ http:
+ enabled: true
+ containerPort: 8100
+ parameters: []
+
+ tls:
+ enabled: false
+ containerPort: 8543
+ parameters: []
+
+clusterCaSecretName: ""
+
+cluster:
+ enabled: false
+
+ tls:
+ enabled: false
+
+ type: ClusterIP
+ loadBalancerClass:
+
+ # Kong cluster ingress settings. Useful if you want to split CP and DP
+ # in different clusters.
+ ingress:
+ # Enable/disable exposure using ingress.
+ enabled: false
+
+# Specify Kong proxy service configuration
+proxy:
+ # Enable creating a Kubernetes service for the proxy
+ enabled: true
+ type: LoadBalancer
+ loadBalancerClass:
+ nameOverride: ""
+ annotations: {}
+ labels:
+ enable-metrics: "true"
+
+ http:
+ # Enable plaintext HTTP listen for the proxy
+ enabled: true
+ servicePort: 80
+ containerPort: 8000
+ # Set a nodePort which is available if service type is NodePort
+ nodePort: 32080
+ parameters: []
+
+ tls:
+ # Enable HTTPS listen for the proxy
+ enabled: true
+ servicePort: 443
+ containerPort: 8443
+ parameters:
+ - http2
+
+ stream: []
+
+ ingress:
+ enabled: false
+
+udpProxy:
+ enabled: false
+
+plugins: {}
+
+secretVolumes: []
+
+# Enable/disable migration jobs, and set annotations for them
+migrations:
+ preUpgrade: true
+ postUpgrade: true
+ annotations:
+ sidecar.istio.io/inject: false
+ jobAnnotations: {}
+ backoffLimit:
+ resources: {}
+
+# Kong's configuration for DB-less mode
+dblessConfig:
+ configMap: ""
+ secret: ""
+ config: |
+
+# -----------------------------------------------------------------------------
+# Ingress Controller parameters
+# -----------------------------------------------------------------------------
+
+ingressController:
+ enabled: true
+ image:
+ repository: kong/kubernetes-ingress-controller
+ tag: "3.0"
+ effectiveSemver:
+ args: []
+
+ gatewayDiscovery:
+ enabled: false
+ generateAdminApiService: false
+ adminApiService:
+ namespace: ""
+ name: ""
+
+ watchNamespaces: []
+
+ env:
+ kong_admin_tls_skip_verify: true
+
+ admissionWebhook:
+ enabled: true
+ failurePolicy: Ignore
+ port: 8080
+ certificate:
+ provided: false
+ namespaceSelector: {}
+ service:
+ labels: {}
+
+ ingressClass: kong
+ ingressClassAnnotations: {}
+
+ rbac:
+ create: true
+
+ livenessProbe:
+ httpGet:
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: "/readyz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ resources: {}
+
+ konnect:
+ enabled: false
+
+ adminApi:
+ tls:
+ client:
+ enabled: false
+
+
+# -----------------------------------------------------------------------------
+# Postgres sub-chart parameters
+# -----------------------------------------------------------------------------
+
+postgresql:
+ enabled: true
+ auth:
+ username: kong
+ database: kong
+ password: kong
+ postgresPassword: kong
+ image:
+ # use postgres < 14 until is https://github.com/Kong/kong/issues/8533 resolved
+ tag: 13.11.0-debian-11-r20
+ service:
+ ports:
+ postgresql: "5432"
+ volumePermissions:
+ enabled: true
+ primary:
+ persistence:
+ existingClaim: kong-postgresql-pvc
+
+# -----------------------------------------------------------------------------
+# Configure cert-manager integration
+# -----------------------------------------------------------------------------
+
+certificates:
+ enabled: false
+
+# -----------------------------------------------------------------------------
+# Miscellaneous parameters
+# -----------------------------------------------------------------------------
+
+waitImage:
+ enabled: true
+ pullPolicy: IfNotPresent
+
+updateStrategy: {}
+
+resources: {}
+
+readinessProbe:
+ httpGet:
+ path: "/status/ready"
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+livenessProbe:
+ httpGet:
+ path: "/status"
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+lifecycle:
+ preStop:
+ exec:
+ command:
+ - kong
+ - quit
+ - '--wait=15'
+
+terminationGracePeriodSeconds: 30
+
+
+tolerations: []
+
+nodeSelector: {}
+
+podAnnotations:
+ kuma.io/gateway: enabled
+ traffic.sidecar.istio.io/includeInboundPorts: ""
+
+podLabels: {}
+
+replicaCount: 1
+
+deploymentAnnotations: {}
+
+autoscaling:
+ enabled: false
+
+podDisruptionBudget:
+ enabled: false
+
+podSecurityPolicy:
+ enabled: false
+ labels: {}
+ annotations: {}
+ spec:
+ privileged: false
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ runAsGroup:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'projected'
+ allowPrivilegeEscalation: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ readOnlyRootFilesystem: true
+
+
+priorityClassName: ""
+
+securityContext: {}
+
+containerSecurityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ runAsUser: 1000
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+
+serviceMonitor:
+ enabled: false
+
+# -----------------------------------------------------------------------------
+# Kong Enterprise parameters
+# -----------------------------------------------------------------------------
+
+enterprise:
+ enabled: false
+
+manager:
+ enabled: true
+ type: NodePort
+ loadBalancerClass:
+ annotations: {}
+ labels: {}
+
+ http:
+ enabled: true
+ servicePort: 8002
+ containerPort: 8002
+ parameters: []
+
+ tls:
+ enabled: true
+ servicePort: 8445
+ containerPort: 8445
+ parameters:
+ - http2
+
+ ingress:
+ enabled: false
+
+portal:
+ enabled: true
+ type: NodePort
+ loadBalancerClass:
+ annotations: {}
+ labels: {}
+
+ http:
+ enabled: true
+ servicePort: 8003
+ containerPort: 8003
+ parameters: []
+
+ tls:
+ enabled: true
+ servicePort: 8446
+ containerPort: 8446
+ parameters:
+ - http2
+
+ ingress:
+ enabled: false
+
+portalapi:
+ enabled: true
+ type: NodePort
+ loadBalancerClass:
+ annotations: {}
+ labels: {}
+
+ http:
+ enabled: true
+ servicePort: 8004
+ containerPort: 8004
+ parameters: []
+
+ tls:
+ enabled: true
+ servicePort: 8447
+ containerPort: 8447
+ parameters:
+ - http2
+
+ ingress:
+ enabled: false
+
+clustertelemetry:
+ enabled: false
+ annotations: {}
+ labels: {}
+
+ tls:
+ enabled: false
+
+ type: ClusterIP
+ loadBalancerClass:
+
+ ingress:
+ enabled: false
+
+extraConfigMaps: []
+
+extraSecrets: []
+
+extraObjects: []