Kong Enterprise Stand-Alone with Flux

kong-flux.yaml

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: kong
  namespace: flux-system
spec:
  interval: 30m
  url: https://charts.konghq.com
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: kong
  namespace: kong
spec:
  chart:
    spec:
      chart: kong
      sourceRef:
        kind: HelmRepository
        name: kong
        namespace: flux-system
      version: ">=2.8.0"
  install:
    remediation:
      retries: 3
  values:
    image:
      repository: kong/kong-gateway
      tag: "2.8"
    env:
      prefix: /kong_prefix/

      # Logs Output
      nginx_worker_processes: "1"
      proxy_access_log: /dev/stdout
      admin_access_log: /dev/stdout
      admin_gui_access_log: /dev/stdout
      portal_api_access_log: /dev/stdout
      proxy_error_log: /dev/stderr
      admin_error_log: /dev/stderr
      admin_gui_error_log: /dev/stderr
      portal_api_error_log: /dev/stderr
      
      database: postgres
      ## Variables to set if you are using external Postgres Database
      #pg_host: ${db_host} # "kong-db-postgresql.kong.svc.cluster.local"
      #pg_port: ${db_port} # 5044 typically
      #pg_user: ${db_username}
      #pg_password: 
      # valueFrom:
      #   secretKeyRef:
      #     name: kong-db-password #CHANGEME
      #     key: postgresql-password #CHANGEME
      #pg_ssl: "off"
      #pg_ssl_verify: "off"

      # Proxy Secret Key pair
      ssl_cert: /etc/secrets/kong-proxy-secret/tls.crt
      ssl_cert_key: /etc/secrets/kong-proxy-secret/tls.key

      #Admin
      admin_api_uri: https://admin.schoo.dev
      admin_gui_url: https://manager.schoo.dev

      # Portal
      portal_gui_protocol: https
      portal_api_url: https://portalapi.schoo.dev
      portal_gui_host: portal.schoo.dev
      portal_auth: basic-auth
      portal_session_conf: '{ "cookie_name":"portal_session","secret":"xxxx","storage":"kong", "cookie_secure": false, "cookie_domain": ".schoo.dev", "cookie_samesite": "off"}'

      portal: on
      password: # Set Super Admin Password
        valueFrom:
          secretKeyRef:
            name: kong-enterprise-superuser-password 
            key: password 

    admin:
      enabled: true
      annotations: 
        konghq.com/protocol: "https"
      tls:
        # Enable HTTPS listen for the admin API
        enabled: true
        servicePort: 8444
        containerPort: 8444
        # Set a target port for the TLS port in the admin API service, useful when using TLS
        # termination on an ELB.
        # overrideServiceTargetPort: 8000
        # Set a nodePort which is available if service type is NodePort
        # nodePort: 32443
        # Additional listen parameters, e.g. "reuseport", "backlog=16384"
        parameters:
        - http2
      http:
      # Enable plaintext HTTP listen for the admin API
      # Disabling this and using a TLS listen only is recommended for most configuration
        enabled: true
        servicePort: 8001
        containerPort: 8001
      # Set a nodePort which is available if service type is NodePort
      # nodePort: 32080
      # Additional listen parameters, e.g. "reuseport", "backlog=16384"
      parameters: []

      ingress:
        enabled: true
        tls: admin-nyp-dev
        hostname: admin.schoo.dev
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
        ingressClassName: kong
        path: /

    # Specify Kong proxy service configuration
    proxy:
      # Enable creating a Kubernetes service for the proxy
      enabled: true
      type: LoadBalancer
      labels:
        enable-metrics: "true"

      http:
        enabled: true
        servicePort: 80
        containerPort: 8000
        parameters: []

      tls:
        enabled: true
        servicePort: 443
        containerPort: 8443
        parameters:
        - http2


    secretVolumes:
    - kong-proxy-secret

    enterprise:
      enabled: true
      # CHANGEME: https://github.com/Kong/charts/blob/main/charts/kong/README.md#kong-enterprise-license
      license_secret: kong-enterprise-license
      vitals:
        enabled: true
      portal:
        enabled: true
      rbac:
        enabled: true
        admin_gui_auth: basic-auth
        session_conf_secret: kong-session-config
        admin_gui_auth_conf_secret: kong-session-config
      smtp:
        enabled: false

    manager:
      enabled: true
      type: ClusterIP
      annotations: 
        konghq.com/protocol: "https"

      http:
        enabled: true
        servicePort: 8002
        containerPort: 8002
        parameters: []

      tls:
        enabled: true
        servicePort: 8445
        containerPort: 8445
        parameters:
        - http2

      ingress:
        enabled: true
        tls: manager-nyp-dev
        hostname: manager.schoo.dev
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
        ingressClassName: kong
        path: /
      externalIPs: []

    portal:
      enabled: true
      type: ClusterIP
      annotations: 
        konghq.com/protocol: "https"

      http:
        enabled: true
        servicePort: 8003
        containerPort: 8003
        parameters: []

      tls:
        enabled: true
        servicePort: 8446
        containerPort: 8446
        parameters:
        - http2

      ingress:
        enabled: true
        tls: portal-nyp-dev
        hostname: portal.schoo.dev
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
        ingressClassName: kong
        path: /

      externalIPs: []

    portalapi:
      enabled: false
      
    postgresql:
      enabled: true
      auth:
        username: kong
        database: kong

    ingressController:
      enabled: true
      installCRDs: false
      env:
        kong_admin_token:
          valueFrom:
            secretKeyRef:
              name: kong-enterprise-superuser-password #CHANGEME
              key: password #CHANGEME