2023-07-30 08:32:26 -05:00
parent d6f34d3eb4
commit 8f49233a24
3 changed files with 24 additions and 399 deletions


@@ -1,32 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: quickstart-kong-selfsigned-issuer-root
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: quickstart-kong-selfsigned-issuer-ca
spec:
commonName: quickstart-kong-selfsigned-issuer-ca
duration: 2160h0m0s
isCA: true
issuerRef:
group: cert-manager.io
kind: Issuer
name: quickstart-kong-selfsigned-issuer-root
privateKey:
algorithm: ECDSA
size: 256
renewBefore: 360h0m0s
secretName: quickstart-kong-selfsigned-issuer-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: quickstart-kong-selfsigned-issuer
spec:
ca:
secretName: quickstart-kong-selfsigned-issuer-ca


@@ -1,22 +1,11 @@
apiVersion: v1
data:
license: J3t9Jw==
kind: Secret
metadata:
creationTimestamp: null
name: kong-enterprise-license
namespace: kong
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kong-cluster-cert
spec:
secretStoreRef:
name: vault-kong
kind: SecretStore
name: vault
kind: ClusterSecretStore
target:
name: kong-cluster-cert
data:
@@ -28,54 +17,3 @@ spec:
remoteRef:
key: secrets/kong/tls
property: key
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault-kong
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kong-config-secret
spec:
secretStoreRef:
name: vault-kong
kind: SecretStore
target:
name: kong-config-secret
data:
- secretKey: admin_gui_session_conf
remoteRef:
key: secrets/kong/config
property: admin_gui_session_conf
- secretKey: kong_admin_password
remoteRef:
key: secrets/kong/config
property: kong_admin_password
- secretKey: password
remoteRef:
key: secrets/kong/config
property: password
- secretKey: pg_host
remoteRef:
key: secrets/kong/config
property: pg_host
- secretKey: portal_session_conf
remoteRef:
key: secrets/kong/config
property: portal_session_conf
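Review bot: The `kong-cluster-cert` ExternalSecret now resolves through `kind: ClusterSecretStore` / `name: vault`, and that store is not defined anywhere in this commit, so its scope and transport cannot be reviewed from here. A cluster-scoped store can be referenced from any namespace unless it is limited, so it should carry a `conditions` entry with a `namespaceSelector` or namespace list, and the Vault role behind it should be restricted to the paths each consumer needs, such as `secrets/kong/tls`. The namespaced store being removed reached Vault over `http://vault.vault.svc.cluster.local:8200`; if the shared store reuses that address, the Kubernetes auth token and the TLS key material cross the cluster network unencrypted, so an `https://` server with `caBundle` or `caProvider` is worth confirming. I would also add a comment above `secretStoreRef` saying where the store lives, for example `# ClusterSecretStore "vault" is declared in <path to store manifest>`.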


@@ -1,309 +1,28 @@
kong:
admin:
annotations:
konghq.com/protocol: https
enabled: true
http:
enabled: false
ingress:
annotations:
konghq.com/https-redirect-status-code: "301"
konghq.com/protocols: https
konghq.com/strip-path: "true"
kubernetes.io/ingress.class: default
nginx.ingress.kubernetes.io/app-root: /
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/permanent-redirect-code: "301"
enabled: true
hostname: kong.durp.info
path: /api
tls: quickstart-kong-admin-cert
tls:
containerPort: 8444
enabled: true
parameters:
- http2
servicePort: 8444
type: ClusterIP
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- dataplane
topologyKey: kubernetes.io/hostname
weight: 100
certificates:
enabled: true
issuer: quickstart-kong-selfsigned-issuer
cluster:
enabled: true
admin:
enabled: true
commonName: kong.durp.info
portal:
enabled: true
commonName: developer.durp.info
proxy:
enabled: true
commonName: durp.info
dnsNames:
- '*.durp.info'
cluster:
enabled: true
labels:
konghq.com/service: cluster
tls:
containerPort: 8005
enabled: true
servicePort: 8005
type: ClusterIP
clustertelemetry:
enabled: true
tls:
containerPort: 8006
enabled: true
servicePort: 8006
type: ClusterIP
deployment:
kong:
daemonset: false
enabled: true
enterprise:
enabled: true
license_secret: kong-enterprise-license
portal:
enabled: true
rbac:
admin_api_auth: basic-auth
admin_gui_auth_conf_secret: kong-config-secret
enabled: true
session_conf_secret: kong-config-secret
smtp:
enabled: false
vitals:
enabled: true
env:
admin_access_log: /dev/stdout
admin_api_uri: https://kong.durp.info/api
admin_error_log: /dev/stdout
admin_gui_access_log: /dev/stdout
admin_gui_error_log: /dev/stdout
admin_gui_host: kong.durp.info
admin_gui_protocol: https
admin_gui_url: https://kong.durp.info/
cluster_data_plane_purge_delay: 60
cluster_listen: 0.0.0.0:8005
cluster_telemetry_listen: 0.0.0.0:8006
database: postgres
log_level: debug
lua_package_path: /opt/?.lua;;
nginx_worker_processes: "2"
password:
valueFrom:
secretKeyRef:
key: kong_admin_password
name: kong-config-secret
pg_database: kong
pg_host:
valueFrom:
secretKeyRef:
key: pg_host
name: kong-config-secret
pg_ssl: "off"
pg_ssl_verify: "off"
pg_user: kong
plugins: bundled,openid-connect
portal: true
portal_api_access_log: /dev/stdout
portal_api_error_log: /dev/stdout
portal_api_url: https://developer.durp.info/api
portal_auth: basic-auth
portal_cors_origins: '*'
portal_gui_access_log: /dev/stdout
portal_gui_error_log: /dev/stdout
portal_gui_host: developer.durp.info
portal_gui_protocol: https
portal_gui_url: https://developer.durp.info/
portal_session_conf:
valueFrom:
secretKeyRef:
key: portal_session_conf
name: kong-config-secret
prefix: /kong_prefix/
proxy_access_log: /dev/stdout
proxy_error_log: /dev/stdout
proxy_stream_access_log: /dev/stdout
proxy_stream_error_log: /dev/stdout
smtp_mock: "on"
status_listen: 0.0.0.0:8100
trusted_ips: 0.0.0.0/0,::/0
vitals: true
extraLabels:
konghq.com/component: quickstart
image:
repository: kong/kong-gateway
tag: "3.3"
secretVolumes:
- kong-cluster-cert
admin:
enabled: false
env:
role: data_plane
database: "off"
cluster_mtls: pki
cluster_control_plane: a0791ed975.us.cp0.konghq.com:443
cluster_server_name: a0791ed975.us.cp0.konghq.com
cluster_telemetry_endpoint: a0791ed975.us.tp0.konghq.com:443
cluster_telemetry_server_name: a0791ed975.us.tp0.konghq.com
cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key
lua_ssl_trusted_certificate: system
konnect_mode: "on"
vitals: "off"
ingressController:
enabled: true
env:
kong_admin_filter_tag: ingress_controller_default
kong_admin_tls_skip_verify: true
kong_admin_token:
valueFrom:
secretKeyRef:
key: password
name: kong-config-secret
kong_admin_url: https://localhost:8444
kong_workspace: default
publish_service: kong/quickstart-kong-proxy
image:
repository: docker.io/kong/kubernetes-ingress-controller
tag: "2.10"
ingressClass: default
enabled: false
installCRDs: false
manager:
annotations:
konghq.com/protocol: https
enabled: true
http:
containerPort: 8002
enabled: false
servicePort: 8002
ingress:
annotations:
konghq.com/https-redirect-status-code: "301"
kubernetes.io/ingress.class: default
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
enabled: true
hostname: kong.durp.info
path: /
tls: quickstart-kong-admin-cert
tls:
containerPort: 8445
enabled: true
parameters:
- http2
servicePort: 8445
type: ClusterIP
migrations:
enabled: true
postUpgrade: true
preUpgrade: true
namespace: kong
podAnnotations:
kuma.io/gateway: enabled
portal:
annotations:
konghq.com/protocol: https
enabled: true
http:
containerPort: 8003
enabled: false
servicePort: 8003
ingress:
annotations:
konghq.com/https-redirect-status-code: "301"
konghq.com/protocols: https
konghq.com/strip-path: "false"
kubernetes.io/ingress.class: default
enabled: true
hostname: developer.durp.info
path: /
tls: quickstart-kong-portal-cert
tls:
containerPort: 8446
enabled: true
parameters:
- http2
servicePort: 8446
type: ClusterIP
portalapi:
annotations:
konghq.com/protocol: https
enabled: true
http:
enabled: false
ingress:
annotations:
konghq.com/https-redirect-status-code: "301"
konghq.com/protocols: https
konghq.com/strip-path: "true"
kubernetes.io/ingress.class: default
nginx.ingress.kubernetes.io/app-root: /
enabled: true
hostname: developer.durp.info
path: /api
tls: quickstart-kong-portal-cert
tls:
containerPort: 8447
enabled: true
parameters:
- http2
servicePort: 8447
type: ClusterIP
postgresql:
enabled: true
auth:
database: kong
username: kong
proxy:
annotations:
prometheus.io/port: "9542"
prometheus.io/scrape: "true"
enabled: true
http:
containerPort: 8080
enabled: true
hostPort: 80
ingress:
enabled: false
labels:
enable-metrics: true
tls:
containerPort: 8443
enabled: true
hostPort: 443
type: LoadBalancer
replicaCount: 1
secretVolumes: []
status:
enabled: true
http:
containerPort: 8100
enabled: true
tls:
containerPort: 8543
enabled: false
#image:
# repository: kong/kong-gateway
# tag: "3.3"
#secretVolumes:
#- kong-cluster-cert
#admin:
# enabled: false
#env:
# role: data_plane
# database: "off"
# cluster_mtls: pki
# cluster_control_plane: a0791ed975.us.cp0.konghq.com:443
# cluster_server_name: a0791ed975.us.cp0.konghq.com
# cluster_telemetry_endpoint: a0791ed975.us.tp0.konghq.com:443
# cluster_telemetry_server_name: a0791ed975.us.tp0.konghq.com
# cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
# cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key
# lua_ssl_trusted_certificate: system
# konnect_mode: "on"
# vitals: "off"
#ingressController:
# enabled: false
# installCRDs: false
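Review bot: `tag: "3.3"` under `image:` is a floating minor tag, so the data plane that mounts the Konnect client key at `/etc/secrets/kong-cluster-cert/tls.key` can pick up different image contents whenever the tag is re-pulled, with no change recorded in this repository. Pinning to a full patch release, for example `tag: "<full 3.3.x patch version>"`, ideally with the image digest recorded next to it, keeps the rollout reproducible and auditable. The rendering has lost the `+`/`-` column, so I am reading the uncommented `image:` through `installCRDs: false` run as the new side and the trailing commented copy as removed. With the `proxy:` and `status:` blocks gone, listener and Service settings presumably fall back to chart defaults; a short comment above `env:`, such as `# Konnect data plane: no local admin API, no database; cluster cert synced from Vault`, would make that intent explicit.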