X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Finfrastructure%2Fsubcharts%2Fkong%2Fvalues.yaml;h=6d7484e4f3d37908c89fd59bba0a181d77126783;hb=7a43fbd4642448783aaf708d07ca883bf9bc5afd;hp=c61f97fbc9178d7fb2d1bfcb9979511783a96062;hpb=282e7af25ec053ae6d1c5a399c91c2c323f705cd;p=ric-plt%2Fric-dep.git
diff --git a/helm/infrastructure/subcharts/kong/values.yaml b/helm/infrastructure/subcharts/kong/values.yaml
index c61f97f..6d7484e 100755
--- a/helm/infrastructure/subcharts/kong/values.yaml
+++ b/helm/infrastructure/subcharts/kong/values.yaml
@@ -1,26 +1,41 @@ -################################################################################ -# Copyright (c) 2019 AT&T Intellectual Property. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ - -# Default values for kong. +# Default values for Kong's Helm Chart. # Declare variables to be passed into your templates. +# +# Sections: +# - Kong parameters +# - Ingress Controller parameters +# - Postgres sub-chart parameters +# - Miscellaneous parameters +# - Kong Enterprise parameters + +# ----------------------------------------------------------------------------- +# Kong parameters +# ----------------------------------------------------------------------------- +# Specify Kong configurations +# Kong configurations guide https://docs.konghq.com/latest/configuration +# Values here take precedence over values from other sections of values.yaml, +# e.g. setting pg_user here will override the value normally set when postgresql.enabled +# is set below. In general, you should not set values here if they are set elsewhere. 
+env: + database: "off" + nginx_worker_processes: "1" + proxy_access_log: /dev/stdout + admin_access_log: /dev/stdout + admin_gui_access_log: /dev/stdout + portal_api_access_log: /dev/stdout + proxy_error_log: /dev/stderr + admin_error_log: /dev/stderr + admin_gui_error_log: /dev/stderr + portal_api_error_log: /dev/stderr + prefix: /kong_prefix/ + +# Specify Kong's Docker image and repository details here image: repository: kong + # repository: kong-docker-kong-enterprise-k8s.bintray.io/kong-enterprise-k8s # repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition - tag: 1.3 + tag: 1.4 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -30,12 +45,11 @@ image: # pullSecrets: # - myRegistrKeySecretName -waitImage: - repository: busybox - tag: latest - -# Specify Kong admin and proxy services configurations +# Specify Kong admin service configuration +# Note: It is recommended to not use the Admin API to configure Kong +# when using Kong as an Ingress Controller. admin: + enabled: false # If you want to specify annotations for the admin service, uncomment the following # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. annotations: {} 
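Review bot: `tag: 1.4` under `image:` is an unquoted scalar that YAML loads as a float, so a later bump to a value such as 1.10 would silently become 1.1; write it as `tag: "1.4"`, the way this hunk already quotes `database: "off"` and `nginx_worker_processes: "1"`. The tag is also a floating minor version paired with `pullPolicy: IfNotPresent`, so which patch build actually runs depends on what each node has cached. Pinning a full version or an image digest would make the deployed gateway image reproducible. The `image:` block continues past the end of this hunk.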
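Review bot: The comment added above `admin:` explains why the Admin API is switched off, but nothing tells an operator what setting `enabled` back to true exposes. The next hunk's context still shows `type: NodePort` under `admin:`, which would publish the API on every node. Kong's open-source Admin API has no built-in authentication, so I would add a line such as `# Enabling this exposes an unauthenticated configuration API; restrict it with a NetworkPolicy or change the service type to ClusterIP first.` The `admin:` block continues outside this hunk.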
@@ -50,19 +64,21 @@ admin: type: NodePort # Set a nodePort which is available # nodePort: 32444 - # Kong admin ingress settings. + # Kong admin ingress settings. Useful if you want to expose the Admin + # API of Kong outside the k8s cluster. ingress: # Enable/disable exposure using ingress. enabled: false # TLS secret name. # tls: kong-admin.example.com-tls - # Array of ingress hosts. - hosts: [] + # Ingress hostname + hostname: # Map of ingress annotations. annotations: {} # Ingress path. path: / +# Specify Kong proxy service configuration proxy: # If you want to specify annotations for the proxy service, uncomment the following # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. @@ -81,19 +97,30 @@ proxy: enabled: true servicePort: 443 containerPort: 8443 + # Set a target port for the TLS port in proxy service, useful when using TLS + # termination on an ELB. + # overrideServiceTargetPort: 8000 # Set a nodePort which is available if service type is NodePort nodePort: 32443 type: NodePort # Kong proxy ingress settings. + # Note: You need this only if you are using another Ingress Controller + # to expose Kong outside the k8s cluster. ingress: # Enable/disable exposure using ingress. enabled: false - # TLS secret name. - # tls: kong-proxy.example.com-tls - # Array of ingress hosts. hosts: [] + # TLS section. Unlike other ingresses, this follows the format at + # https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + # tls: + # - hosts: + # - 1.example.com + # secretName: example1-com-tls-secret + # - hosts: + # - 2.example.net + # secretName: example2-net-tls-secret # Map of ingress annotations. annotations: {} # Ingress path. 
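Review bot: `hostname:` under `admin.ingress` is a bare key, which loads as null, so whether the ingress is rendered with no host (and therefore matches every hostname) depends on how the template guards the value; that template is not part of this diff. For an ingress whose purpose is to expose the Admin API, an explicit default is safer: keep the key commented out with an example, `# hostname: kong-admin.example.com`, in the style of the existing `# tls:` line, or set `hostname: ""` and have the template refuse an empty value. The same bare `hostname:` is introduced in the `manager`, `portal` and `portalapi` hunks further down.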
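Review bot: The added comment for `overrideServiceTargetPort` recommends it for TLS termination on an ELB, but it does not say that the example value 8000 differs from the `containerPort: 8443` shown just above it. With that override the hop from the load balancer to Kong would presumably be plain HTTP. I would extend the comment with something like `# Traffic between the load balancer and Kong is then unencrypted; use only where that network segment is trusted.` The `proxy.tls` block starts outside this hunk.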
@@ -101,6 +128,281 @@ proxy: externalIPs: [] +# Custom Kong plugins can be loaded into Kong by mounting the plugin code +# into the file-system of Kong container. +# The plugin code should be present in ConfigMap or Secret inside the same +# namespace as Kong is being installed. +# The `name` property refers to the name of the ConfigMap or Secret +# itself, while the pluginName refers to the name of the plugin as it appears +# in Kong. +plugins: {} + # configMaps: + # - pluginName: rewriter + # name: kong-plugin-rewriter + # secrets: + # - pluginName: rewriter + # name: kong-plugin-rewriter +# Inject specified secrets as a volume in Kong Container at path /etc/secrets/{secret-name}/ +# This can be used to override default SSL certificates +# Example configuration +# secretVolumes: +# - kong-proxy-tls +# - kong-admin-tls +secretVolumes: [] + +# Set runMigrations to run Kong migrations +runMigrations: true + +# Kong's configuration for DB-less mode +# Note: Use this section only if you are deploying Kong in DB-less mode +# and not as an Ingress Controller. +dblessConfig: + # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml) + configMap: "" + # Or the configuration is passed in full-text below + config: + _format_version: "1.1" + services: + # Example configuration + # - name: example.com + # url: http://example.com + # routes: + # - name: example + # paths: + # - "/example" + +# ----------------------------------------------------------------------------- +# Ingress Controller parameters +# ----------------------------------------------------------------------------- + +# Kong Ingress Controller's primary purpose is to satisfy Ingress resources +# created in k8s. It uses CRDs for more fine grained control over routing and +# for Kong specific configuration. 
+ingressController: + enabled: true + image: + repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller + tag: 0.7.0 + + # Specify Kong Ingress Controller configuration via environment variables + env: {} + + admissionWebhook: + enabled: false + failurePolicy: Fail + port: 8080 + + ingressClass: kong + + rbac: + # Specifies whether RBAC resources should be created + create: true + + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + + installCRDs: true + + # general properties + livenessProbe: + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + resources: {} + +# ----------------------------------------------------------------------------- +# Postgres sub-chart parameters +# ----------------------------------------------------------------------------- + +# Kong can run without a database or use either Postgres or Cassandra +# as a backend datatstore for it's configuration. +# By default, this chart installs Kong without a database. + +# If you would like to use a database, there are two options: +# - (recommended) Deploy and maintain a database and pass the connection +# details to Kong via the `env` section. +# - You can use the below `postgresql` sub-chart to deploy a database +# along-with Kong as part of a single Helm release. 
+ +# PostgreSQL chart documentation: +# https://github.com/helm/charts/blob/master/stable/postgresql/README.md + +postgresql: + enabled: false + # postgresqlUsername: kong + # postgresqlDatabase: kong + # service: + # port: 5432 + +# ----------------------------------------------------------------------------- +# Miscellaneous parameters +# ----------------------------------------------------------------------------- + +waitImage: + repository: busybox + tag: latest + pullPolicy: IfNotPresent + +# update strategy +updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: "100%" + # maxUnavailable: "0%" + +# If you want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# readinessProbe for Kong pods +# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header +readinessProbe: + httpGet: + path: "/status" + port: metrics + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +# livenessProbe for Kong pods +livenessProbe: + httpGet: + path: "/status" + port: metrics + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +# Affinity for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +# affinity: {} + +# Tolerations for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Node labels for pod assignment +# Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +# Annotation to be added to Kong pods +podAnnotations: {} + +# Kong pod count +replicaCount: 1 + +# Kong Pod Disruption Budget +podDisruptionBudget: + enabled: false + maxUnavailable: "50%" + 
+podSecurityPolicy: + enabled: false + +# securityContext for Kong pods. +securityContext: + runAsUser: 1000 + +serviceMonitor: + # Specifies whether ServiceMonitor for Prometheus operator should be created + enabled: false + # interval: 10s + # Specifies namespace, where ServiceMonitor should be installed + # namespace: monitoring + # labels: + # foo: bar + +# ----------------------------------------------------------------------------- +# Kong Enterprise parameters +# ----------------------------------------------------------------------------- + +# Toggle Kong Enterprise features on or off +# RBAC and SMTP configuration have additional options that must all be set together +# Other settings should be added to the "env" settings below +enterprise: + enabled: false + # Kong Enterprise license secret name + # This secret must contain a single 'license' key, containing your base64-encoded license data + # The license secret is required for all Kong Enterprise deployments + license_secret: you-must-create-a-kong-license-secret + # Session configuration secret + # The session conf secret is required if using RBAC or the Portal + vitals: + enabled: true + portal: + enabled: false + # portal_auth here sets the default authentication mechanism for the Portal + # FIXME This can be changed per-workspace, but must currently default to + # basic-auth to work around limitations with session configuration + portal_auth: basic-auth + # If the Portal is enabled and any workspace's Portal uses authentication, + # this Secret must contain an portal_session_conf key + # The key value must be a secret configuration, following the example at + # https://docs.konghq.com/enterprise/latest/developer-portal/configuration/authentication/sessions + session_conf_secret: you-must-create-a-portal-session-conf-secret + rbac: + enabled: false + admin_gui_auth: basic-auth + # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key + # The key value must be a secret 
configuration, following the example at + # https://docs.konghq.com/enterprise/latest/kong-manager/authentication/sessions + session_conf_secret: you-must-create-an-rbac-session-conf-secret + # If admin_gui_auth is not set to basic-auth, provide a secret name which + # has an admin_gui_auth_conf key containing the plugin config JSON + admin_gui_auth_conf_secret: you-must-create-an-admin-gui-auth-conf-secret + # For configuring emails and SMTP, please read through: + # https://docs.konghq.com/enterprise/latest/developer-portal/configuration/smtp + # https://docs.konghq.com/enterprise/latest/kong-manager/networking/email + smtp: + enabled: false + portal_emails_from: none@example.com + portal_emails_reply_to: none@example.com + admin_emails_from: none@example.com + admin_emails_reply_to: none@example.com + smtp_admin_emails: none@example.com + smtp_host: smtp.example.com + smtp_port: 587 + smtp_starttls: true + auth: + # If your SMTP server does not require authentication, this section can + # be left as-is. If smtp_username is set to anything other than an empty + # string, you must create a Secret with an smtp_password key containing + # your SMTP password and specify its name here. + smtp_username: '' # e.g. postmaster@example.com + smtp_password_secret: you-must-create-an-smtp-password + manager: # If you want to specify annotations for the Manager service, uncomment the following # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. @@ -130,8 +432,8 @@ manager: enabled: false # TLS secret name. # tls: kong-proxy.example.com-tls - # Array of ingress hosts. - hosts: [] + # Ingress hostname + hostname: # Map of ingress annotations. annotations: {} # Ingress path. @@ -168,8 +470,8 @@ portal: enabled: false # TLS secret name. # tls: kong-proxy.example.com-tls - # Array of ingress hosts. - hosts: [] + # Ingress hostname + hostname: # Map of ingress annotations. annotations: {} # Ingress path. 
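Review bot: `waitImage` is re-added with `tag: latest` and a new `pullPolicy: IfNotPresent`, so each node keeps whatever busybox build it first cached and the helper image's contents are neither reproducible nor auditable. Pin it, for example `tag: "<pinned-busybox-version>"` (placeholder), or reference the image by digest. In the same hunk `securityContext` sets only `runAsUser: 1000`; if the chart's template passes that map through unchanged, which this diff does not show, adding `runAsNonRoot: true` would make the non-root intent enforceable.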
@@ -206,239 +508,11 @@ portalapi: enabled: false # TLS secret name. # tls: kong-proxy.example.com-tls - # Array of ingress hosts. - hosts: [] + # Ingress hostname + hostname: # Map of ingress annotations. annotations: {} # Ingress path. path: / externalIPs: [] - -# Toggle Kong Enterprise features on or off -# RBAC and SMTP configuration have additional options that must all be set together -# Other settings should be added to the "env" settings below -enterprise: - enabled: false - # Kong Enterprise license secret name - # This secret must contain a single 'license' key, containing your base64-encoded license data - # The license secret is required for all Kong Enterprise deployments - license_secret: you-must-create-a-kong-license-secret - # Session configuration secret - # The session conf secret is required if using RBAC or the Portal - vitals: - enabled: true - portal: - enabled: false - # portal_auth here sets the default authentication mechanism for the Portal - # FIXME This can be changed per-workspace, but must currently default to - # basic-auth to work around limitations with session configuration - portal_auth: basic-auth - # If the Portal is enabled and any workspace's Portal uses authentication, - # this Secret must contain an portal_session_conf key - # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/ - session_conf_secret: you-must-create-a-portal-session-conf-secret - rbac: - enabled: false - admin_gui_auth: basic-auth - # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key - # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/ - session_conf_secret: you-must-create-an-rbac-session-conf-secret - # Set to the appropriate plugin config JSON if not using basic-auth - admin_gui_auth_conf: {} - smtp: - enabled: false - 
portal_emails_from: none@example.com - portal_emails_reply_to: none@example.com - admin_emails_from: none@example.com - admin_emails_reply_to: none@example.com - smtp_admin_emails: none@example.com - smtp_host: smtp.example.com - smtp_port: 587 - smtp_starttls: true - auth: - # If your SMTP server does not require authentication, this section can - # be left as-is. If smtp_username is set to anything other than an empty - # string, you must create a Secret with an smtp_password key containing - # your SMTP password and specify its name here. - smtp_username: '' # e.g. postmaster@example.com - smtp_password_secret: you-must-create-an-smtp-password - -# Set runMigrations to run Kong migrations -runMigrations: true - -# update strategy -updateStrategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: "100%" - # maxUnavailable: "0%" - -# Specify Kong configurations -# Kong configurations guide https://getkong.org/docs/latest/configuration/ -# Values here take precedence over values from other sections of values.yaml, -# e.g. setting pg_user here will override the value normally set when postgresql.enabled -# is set below. In general, you should not set values here if they are set elsewhere. -env: - database: off - proxy_access_log: /dev/stdout - admin_access_log: /dev/stdout - admin_gui_access_log: /dev/stdout - portal_api_access_log: /dev/stdout - proxy_error_log: /dev/stderr - admin_error_log: /dev/stderr - admin_gui_error_log: /dev/stderr - portal_api_error_log: /dev/stderr - -# If you want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
-resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# readinessProbe for Kong pods -# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header -readinessProbe: - httpGet: - path: "/status" - port: admin - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 5 - -# livenessProbe for Kong pods -# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header -livenessProbe: - httpGet: - path: "/status" - port: admin - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 5 - periodSeconds: 30 - successThreshold: 1 - failureThreshold: 5 - -# Affinity for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -# affinity: {} - -# Tolerations for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Node labels for pod assignment -# Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -# Annotation to be added to Kong pods -podAnnotations: {} - -# Kong pod count -replicaCount: 1 - -# Kong Pod Disruption Budget -podDisruptionBudget: - enabled: false - maxUnavailable: "50%" - -# Kong has a choice of either Postgres or Cassandra as a backend datatstore. -# This chart allows you to choose either of them with the `database.type` -# parameter. Postgres is chosen by default. - -# Additionally, this chart allows you to use your own database or spin up a new -# instance by using the `postgres.enabled` or `cassandra.enabled` parameters. -# Enabling both will create both databases in your cluster, but only one -# will be used by Kong based on the `env.database` parameter. -# Postgres is enabled by default. 
- -# Cassandra chart configs -cassandra: - enabled: false - -# PostgreSQL chart configs -postgresql: - enabled: false - postgresqlUsername: kong - postgresqlDatabase: kong - service: - port: 5432 - -# Kong Ingress Controller's primary purpose is to satisfy Ingress resources -# created in k8s. It uses CRDs for more fine grained control over routing and -# for Kong specific configuration. -ingressController: - enabled: true - image: - repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller - tag: 0.6.0 - replicaCount: 1 - livenessProbe: - failureThreshold: 3 - httpGet: - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 3 - httpGet: - path: "/healthz" - port: 10254 - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - - installCRDs: true - - rbac: - # Specifies whether RBAC resources should be created - create: true - - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - - ingressClass: kong - - podDisruptionBudget: - enabled: false - maxUnavailable: "50%" - -# We pass the dbless (declarative) config over here. -dblessConfig: - # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml) - configMap: "" - # Or the configuration is passed in full-text below - config: - _format_version: "1.1" - services: - # Example configuration - # - name: example.com - # url: http://example.com - # routes: - # - name: example - # paths: - # - "/example" - -serviceMonitor: - # Specifies whether ServiceMonitor for Prometheus operator should be created - enabled: false - # interval: 10s - # Specifies namespace, where ServiceMonitor should be installed - # namespace: monitoring