TAL-Sample-Kong-CP
# Kong Gateway (Enterprise) image used for the control plane.
image:
  repository: kong/kong-gateway
  # Quoted so the tag is always read as a string; pin to an exact patch
  # release so upgrades are deliberate.
  tag: "3.4.3.5"
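# Kong configuration passed to the control-plane container as KONG_* env vars.
env:
  # Env variables to overwrite; read more here:
  # https://github.com/Kong/kong/blob/master/kong.conf.default
  prefix: /kong_prefix/
  role: control_plane
  # Log output level: https://docs.konghq.com/gateway/latest/configure/logging/
  log_level: warn
  # On Kubernetes, set nginx_worker_processes to one or two less than the
  # worker node CPUs.
  nginx_worker_processes: "1"
  proxy_access_log: /dev/stdout
  admin_access_log: /dev/stdout
  admin_gui_access_log: /dev/stdout
  proxy_error_log: /dev/stderr
  admin_error_log: /dev/stderr
  admin_gui_error_log: /dev/stderr
  portal_api_access_log: /dev/stdout
  portal_api_error_log: /dev/stderr
  database: postgres
  # Variables to set if you are using an external Postgres database
  pg_host: kong-db-postgresql.kong.svc.cluster.local
  pg_port: 5432
  pg_user: konger
  pg_database: kong  # Pre-create in RDS first
  # The database password is taken from a Kubernetes Secret rather than
  # written into this values file.
  pg_password:
    valueFrom:
      secretKeyRef:
        name: kong-db-password  # CHANGEME
        key: postgresql-password  # CHANGEME
  # NOTE(review): no pg_ssl / pg_ssl_verify setting is present, so the
  # connection to the external database uses Kong's defaults. Confirm whether
  # TLS to the database is required in your environment.
  # NOTE(review): kong.conf.default documents named instrumentation values
  # (for example off, request, all) for tracing_instrumentations; confirm that
  # a boolean true is accepted by this Kong version.
  tracing_instrumentations: true
  tracing_sampling_rate: 0.2
  # Any custom plugins you built
  plugins: bundled
  ## Admin Configuration ##
  # FQDN for your Admin API route; you can indicate this if you already
  # created an entry in Route 53 (recommended approach). Something like
  # admin.kong.dev.customer.com
  # The scheme is https because the admin service in this file disables the
  # plaintext listener and serves TLS only on 8444.
  admin_api_uri: https://somewhere:8444
  # FQDN for your admin GUI (Kong Manager) route; you can indicate this if you
  # already created an entry in Route 53 (recommended approach), e.g.
  # manager.kong.dev.customer.com
  # The manager service in this file also disables plaintext HTTP, so https is
  # used here as well.
  # NOTE(review): this placeholder reuses the Admin API port 8444; confirm the
  # port Kong Manager is actually published on.
  admin_gui_url: https://somewhere:8444
  ### TLS Settings ###
  # Hybrid mode communication requirement
  cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
  cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key
  # In "shared" mode the control plane and every data plane hold the same
  # certificate and key, so the key must be protected on all nodes and rotated
  # everywhere together. Consider "pki" mode if per-node certificates are
  # needed.
  cluster_mtls: shared
  # Quoted so Kong receives the literal string "off" instead of a YAML boolean.
  portal: "off"
  # Default Super Admin password, read from a Kubernetes Secret.
  password:
    valueFrom:
      secretKeyRef:
        name: kong-enterprise-superuser-password
        key: password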
# Hybrid-mode cluster endpoint that data planes connect to for configuration.
# ClusterIP keeps it reachable only from inside the Kubernetes cluster.
cluster:
  enabled: true
  type: ClusterIP
  tls:
    enabled: true
    servicePort: 8005
    containerPort: 8005

# Hybrid-mode telemetry endpoint used by data planes.
clustertelemetry:
  enabled: true
  # Set to ClusterIP if both CP and DP sit in the same cluster.
  type: ClusterIP
  tls:
    enabled: true
    servicePort: 8006
    containerPort: 8006
# Kubernetes Service for the Kong Admin API.
admin:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # "false" provisions an internet-facing load balancer, which publishes the
    # Admin API to the public internet. Set this to "true" for an internal
    # load balancer unless public access is a deliberate requirement; if it
    # must stay public, restrict the allowed source CIDRs and keep RBAC
    # enabled.
    service.beta.kubernetes.io/aws-load-balancer-internal: "false"
  http:
    # Enable plaintext HTTP listen for the Admin API.
    # Disabling this and using a TLS listen only is recommended for most
    # configurations.
    enabled: false
  tls:
    # Enable HTTPS listen for the Admin API
    enabled: true
    servicePort: 8444
    containerPort: 8444
    parameters:
      - http2
proxy:
  # Enable creating a Kubernetes service for the proxy.
  # Kept off here: this release runs with role control_plane.
  enabled: false

# Secrets mounted into the Kong container; the cluster_cert and
# cluster_cert_key paths under env point into /etc/secrets/kong-cluster-cert.
secretVolumes:
  - kong-cluster-cert
# Kong Enterprise feature toggles.
enterprise:
  enabled: true
  # CHANGEME: https://github.com/Kong/charts/blob/main/charts/kong/README.md#kong-enterprise-license
  license_secret: kong-enterprise-license
  vitals:
    enabled: true
  # NOTE(review): the portal is enabled here, while env sets portal to off and
  # the portal / portalapi services are disabled in this file; confirm which
  # setting is intended.
  portal:
    enabled: true
  # RBAC protects the Admin API and Kong Manager. Keep it enabled, especially
  # while the admin and manager services are published through a load
  # balancer.
  rbac:
    enabled: true
    admin_gui_auth: basic-auth
    # Secret holding the Kong Manager session configuration; create it before
    # installing and keep the session secret value out of version control.
    session_conf_secret: kong-session-config
    # NOTE(review): this points at the same Secret as session_conf_secret;
    # confirm it is needed when admin_gui_auth is basic-auth.
    admin_gui_auth_conf_secret: kong-session-config
  smtp:
    enabled: false
    # portal_emails_from: [email protected]
    # portal_emails_reply_to: [email protected]
    # admin_emails_from: [email protected]
    # admin_emails_reply_to: [email protected]
    # smtp_admin_emails: [email protected]
    # smtp_host: smtp.example.com
    # smtp_port: 587
    # smtp_auth_type: ''
    # smtp_ssl: nil
    # smtp_starttls: true
    # auth:
    #   # If your SMTP server does not require authentication, this section can
    #   # be left as-is. If smtp_username is set to anything other than an empty
    #   # string, you must create a Secret with an smtp_password key containing
    #   # your SMTP password and specify its name here.
    #   smtp_username: ''  # e.g. [email protected]
    #   smtp_password_secret: CHANGEME-smtp-password
# Kubernetes Service for Kong Manager (the admin GUI).
manager:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # "false" provisions an internet-facing load balancer, so the Kong Manager
    # login page is reachable from the public internet. Set this to "true" for
    # an internal load balancer unless public access is required.
    service.beta.kubernetes.io/aws-load-balancer-internal: "false"
  http:
    # Plaintext HTTP listener disabled.
    enabled: false
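# Developer Portal services. The canonical boolean false is used instead of
# the YAML 1.1 spelling "off", which YAML 1.2 parsers read as a string.
portal:
  enabled: false  # Set to true if required

portalapi:
  enabled: false  # Set to true if required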
# Bundled PostgreSQL sub-chart.
postgresql:
  enabled: false  # Set to false if using remote RDS
  # auth:
  #   username: kong
  #   database: kong

# -----------------------------------------------------------------------------
# Configure cert-manager integration
# -----------------------------------------------------------------------------
# With this disabled, the hybrid-mode cluster certificate has to be supplied
# manually through the Secret listed under secretVolumes.
certificates:
  enabled: false

# Enable/disable migration jobs, and set annotations for them
migrations:
  # Enable pre-upgrade migrations (run "kong migrations up")
  preUpgrade: true
  # Enable post-upgrade migrations (run "kong migrations finish")
  postUpgrade: true

ingressController:
  enabled: false
  installCRDs: false