X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=ric-infra%2F30-Kong%2Fhelm%2Fkong%2Fcharts%2Fkong%2FREADME.md;h=be6bc157cd2a916475bde1ace0c371645f32423e;hb=refs%2Fchanges%2F34%2F1234%2F9;hp=1df9b716256971082519080e86111de3ada4558c;hpb=2df61c2fcf64b32ecf7f064ef9cbbe6b54a15bc0;p=it%2Fdep.git diff --git a/ric-infra/30-Kong/helm/kong/charts/kong/README.md b/ric-infra/30-Kong/helm/kong/charts/kong/README.md index 1df9b716..be6bc157 100755 --- a/ric-infra/30-Kong/helm/kong/charts/kong/README.md +++ b/ric-infra/30-Kong/helm/kong/charts/kong/README.md @@ -58,55 +58,62 @@ chart and deletes the release. The following table lists the configurable parameters of the Kong chart and their default values. -| Parameter | Description | Default | -| ------------------------------ | -------------------------------------------------------------------------------- | ------------------- | -| image.repository | Kong image | `kong` | -| image.tag | Kong image version | `1.2` | -| image.pullPolicy | Image pull policy | `IfNotPresent` | -| image.pullSecrets | Image pull secrets | `null` | -| replicaCount | Kong instance count | `1` | -| admin.useTLS | Secure Admin traffic | `true` | -| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` | -| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` | -| admin.nodePort | Node port when service type is `NodePort` | | -| admin.hostPort | Host port to use for admin traffic | | -| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | -| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` | -| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` | -| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | -| admin.ingress.tls | Name of secret resource, containing TLS secret | | -| admin.ingress.hosts | List of ingress hosts. | `[]` | -| admin.ingress.path | Ingress path. | `/` | -| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | -| proxy.http.enabled | Enables http on the proxy | true | -| proxy.http.servicePort | Service port to use for http | 80 | -| proxy.http.containerPort | Container port to use for http | 8000 | -| proxy.http.nodePort | Node port to use for http | 32080 | -| proxy.http.hostPort | Host port to use for http | | -| proxy.tls.enabled | Enables TLS on the proxy | true | -| proxy.tls.containerPort | Container port to use for TLS | 8443 | -| proxy.tls.servicePort | Service port to use for TLS | 8443 | -| proxy.tls.nodePort | Node port to use for TLS | 32443 | -| proxy.tls.hostPort | Host port to use for TLS | | -| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | -| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` | -| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | | -| proxy.externalIPs | IPs for which nodes in the cluster will also accept traffic for the proxy | `[]` | -| proxy.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | | -| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | -| proxy.ingress.tls | Name of secret resource, containing TLS secret | | -| proxy.ingress.hosts | List of ingress hosts. | `[]` | -| proxy.ingress.path | Ingress path. | `/` | -| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | -| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | | -| runMigrations | Run Kong migrations job | `true` | -| readinessProbe | Kong readiness probe | | -| livenessProbe | Kong liveness probe | | -| affinity | Node/pod affinities | | -| nodeSelector | Node labels for pod assignment | `{}` | -| podAnnotations | Annotations to add to each pod | `{}` | -| resources | Pod resource requests & limits | `{}` | -| tolerations | List of node taints to tolerate | `[]` | +| Parameter | Description | Default | +| ---------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| image.repository | Kong image | `kong` | +| image.tag | Kong image version | `1.3` | +| image.pullPolicy | Image pull policy | `IfNotPresent` | +| image.pullSecrets | Image pull secrets | `null` | +| replicaCount | Kong instance count | `1` | +| admin.useTLS | Secure Admin traffic | `true` | +| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` | +| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` | +| admin.nodePort | Node port when service type is `NodePort` | | +| admin.hostPort | Host port to use for admin traffic | | +| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | +| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` | +| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` | +| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | +| admin.ingress.tls | Name of secret resource, containing TLS secret | | +| admin.ingress.hosts | List of ingress hosts. | `[]` | +| admin.ingress.path | Ingress path. | `/` | +| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | +| proxy.http.enabled | Enables http on the proxy | true | +| proxy.http.servicePort | Service port to use for http | 80 | +| proxy.http.containerPort | Container port to use for http | 8000 | +| proxy.http.nodePort | Node port to use for http | 32080 | +| proxy.http.hostPort | Host port to use for http | | +| proxy.tls.enabled | Enables TLS on the proxy | true | +| proxy.tls.containerPort | Container port to use for TLS | 8443 | +| proxy.tls.servicePort | Service port to use for TLS | 8443 | +| proxy.tls.nodePort | Node port to use for TLS | 32443 | +| proxy.tls.hostPort | Host port to use for TLS | | +| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | +| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` | +| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | | +| proxy.externalIPs | IPs for which nodes in the cluster will also accept traffic for the proxy | `[]` | +| proxy.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | | +| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | +| proxy.ingress.tls | Name of secret resource, containing TLS secret | | +| proxy.ingress.hosts | List of ingress hosts. | `[]` | +| proxy.ingress.path | Ingress path. | `/` | +| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | +| updateStrategy | update strategy for deployment | `{}` | +| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | | +| runMigrations | Run Kong migrations job | `true` | +| readinessProbe | Kong readiness probe | | +| livenessProbe | Kong liveness probe | | +| affinity | Node/pod affinities | | +| nodeSelector | Node labels for pod assignment | `{}` | +| podAnnotations | Annotations to add to each pod | `{}` | +| resources | Pod resource requests & limits | `{}` | +| tolerations | List of node taints to tolerate | `[]` | +| podDisruptionBudget.enabled | Enable PodDisruptionBudget for Kong | `false` | +| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` | +| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | | +| serviceMonitor.enabled | Create ServiceMonitor for Prometheus Operator | false | +| serviceMonitor.interval | Scrapping interval | 10s | +| serviceMonitor.namespace | Where to create ServiceMonitor | | ### Admin/Proxy listener override @@ -115,12 +122,12 @@ the value provided by you as opposed to constructing a listen variable from fields like `proxy.http.containerPort` and `proxy.http.enabled`. This allows you to be more prescriptive when defining listen directives. -**Note:** Overriding `env.proxy_listen` and `env.admin_listen` will potentially cause -`admin.containerPort`, `proxy.http.containerPort` and `proxy.tls.containerPort` to become out of sync, +**Note:** Overriding `env.proxy_listen` and `env.admin_listen` will potentially cause +`admin.containerPort`, `proxy.http.containerPort` and `proxy.tls.containerPort` to become out of sync, and therefore must be updated accordingly. -I.E. updatating to `env.proxy_listen: 0.0.0.0:4444, 0.0.0.0:4443 ssl` will need -`proxy.http.containerPort: 4444` and `proxy.tls.containerPort: 4443` to be set in order +I.E. updatating to `env.proxy_listen: 0.0.0.0:4444, 0.0.0.0:4443 ssl` will need +`proxy.http.containerPort: 4444` and `proxy.tls.containerPort: 4443` to be set in order for the service definition to work properly. ### Kong-specific parameters @@ -135,23 +142,24 @@ Enabling both will create both databases in your cluster, but only one will be used by Kong based on the `env.database` parameter. Postgres is enabled by default. -| Parameter | Description | Default | -| ------------------------------ | -------------------------------------------------------------------- | ------------------- | -| cassandra.enabled | Spin up a new cassandra cluster for Kong | `false` | -| postgresql.enabled | Spin up a new postgres instance for Kong | `true` | -| waitImage.repository | Image used to wait for database to become ready | `busybox` | -| waitImage.tag | Tag for image used to wait for database to become ready | `latest` | -| env.database | Choose either `postgres` or `cassandra` | `postgres` | -| env.pg_user | Postgres username | `kong` | -| env.pg_database | Postgres database name | `kong` | -| env.pg_password | Postgres database password (required if you are using your own database)| `kong` | -| env.pg_host | Postgres database host (required if you are using your own database) | `` | -| env.pg_port | Postgres database port | `5432` | -| env.cassandra_contact_points | Cassandra contact points (required if you are using your own database) | `` | -| env.cassandra_port | Cassandra query port | `9042` | -| env.cassandra_keyspace | Cassandra keyspace | `kong` | -| env.cassandra_repl_factor | Replication factor for the Kong keyspace | `2` | - +| Parameter | Description | Default | +| ------------------------------| ------------------------------------------------------------------------| ----------------------| +| cassandra.enabled | Spin up a new cassandra cluster for Kong | `false` | +| postgresql.enabled | Spin up a new postgres instance for Kong | `true` | +| waitImage.repository | Image used to wait for database to become ready | `busybox` | +| waitImage.tag | Tag for image used to wait for database to become ready | `latest` | +| env.database | Choose either `postgres`, `cassandra` or `"off"` (for dbless mode) | `postgres` | +| env.pg_user | Postgres username | `kong` | +| env.pg_database | Postgres database name | `kong` | +| env.pg_password | Postgres database password (required if you are using your own database)| `kong` | +| env.pg_host | Postgres database host (required if you are using your own database) | `` | +| env.pg_port | Postgres database port | `5432` | +| env.cassandra_contact_points | Cassandra contact points (required if you are using your own database) | `` | +| env.cassandra_port | Cassandra query port | `9042` | +| env.cassandra_keyspace | Cassandra keyspace | `kong` | +| env.cassandra_repl_factor | Replication factor for the Kong keyspace | `2` | +| dblessConfig.configMap | Name of an existing ConfigMap containing the `kong.yml` file. This must have the key `kong.yml`.| `` | +| dblessConfig.config | Yaml configuration file for the dbless (declarative) configuration of Kong | see in `values.yaml` | All `kong.env` parameters can also accept a mapping instead of a value to ensure the parameters can be set through configmaps and secrets. @@ -167,7 +175,7 @@ kong: key: kong name: postgres ``` - + For complete list of Kong configurations please check https://getkong.org/docs/latest/configuration/. @@ -175,7 +183,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```console $ helm install stable/kong --name my-release \ - --set=image.tag=1.2,env.database=cassandra,cassandra.enabled=true + --set=image.tag=1.3,env.database=cassandra,cassandra.enabled=true ``` Alternatively, a YAML file that specifies the values for the above parameters @@ -324,6 +332,16 @@ If your SMTP server requires authentication, you should the `username` and `smtp_password_secret` must be a Secret containing an `smtp_password` key whose value is your SMTP password. +### DB-less Configuration + + +When deploying Kong in DB-less mode (`env.database: "off"`) and without the Ingress +Controller (`ingressController.enabled: false`), Kong needs a config to run. In +this case, configuration can be provided using an exsiting ConfigMap +(`dblessConfig.configMap`) or pushed directly into the values file under +`dblessConfig.config`. See the example configuration in the default values.yaml +for more details. + ### Kong Ingress Controller Kong Ingress Controller's primary purpose is to satisfy Ingress resources @@ -363,12 +381,17 @@ The custom resources are: You can can learn about kong ingress custom resource definitions [here](https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/custom-resources.md). -| Parameter | Description | Default | -| --------------- | ----------------------------------------- | ---------------------------------------------------------------------------- | -| enabled | Deploy the ingress controller, rbac and crd | false | -| replicaCount | Number of desired ingress controllers | 1 | -| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller | -| image.tag | Version of the ingress controller | 0.2.0 | -| readinessProbe | Kong ingress controllers readiness probe | | -| livenessProbe | Kong ingress controllers liveness probe | | -| ingressClass | The ingress-class value for controller | nginx + +| Parameter | Description | Default | +| ---------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | +| enabled | Deploy the ingress controller, rbac and crd | false | +| replicaCount | Number of desired ingress controllers | 1 | +| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller | +| image.tag | Version of the ingress controller | 0.2.0 | +| readinessProbe | Kong ingress controllers readiness probe | | +| livenessProbe | Kong ingress controllers liveness probe | | +| ingressClass | The ingress-class value for controller | nginx | +| podDisruptionBudget.enabled | Enable PodDisruptionBudget for ingress controller | `false` | +| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` | +| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | | +