From ce216256715277b90593d53e58728a686b2bf0ec Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Sun, 16 Jul 2023 13:47:20 -0500
Subject: [PATCH] update
---
kong/templates/certs.yaml | 36 -----
kong/templates/ingress.yaml | 109 ++-------------
kong/templates/secrets.yaml | 64 ---------
kong/values-old.yaml | 257 ------------------------------------
4 files changed, 11 insertions(+), 455 deletions(-)
delete mode 100644 kong/templates/certs.yaml
delete mode 100644 kong/values-old.yaml
diff --git a/kong/templates/certs.yaml b/kong/templates/certs.yaml
deleted file mode 100644
index 94d0457..0000000
--- a/kong/templates/certs.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: quickstart-kong-selfsigned-issuer-root
-spec:
- selfSigned: {}
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: quickstart-kong-selfsigned-issuer-ca
-spec:
- commonName: quickstart-kong-selfsigned-issuer-ca
- duration: 2160h0m0s
- isCA: true
- issuerRef:
- group: cert-manager.io
- kind: Issuer
- name: quickstart-kong-selfsigned-issuer-root
- privateKey:
- algorithm: ECDSA
- size: 256
- renewBefore: 360h0m0s
- secretName: quickstart-kong-selfsigned-issuer-ca
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: quickstart-kong-selfsigned-issuer
-spec:
- ca:
- secretName: quickstart-kong-selfsigned-issuer-ca
\ No newline at end of file
diff --git a/kong/templates/ingress.yaml b/kong/templates/ingress.yaml
index 50d1f22..3dbd5a4 100644
--- a/kong/templates/ingress.yaml
+++ b/kong/templates/ingress.yaml
@@ -13,119 +13,32 @@ spec: --- -#kind: Service -#apiVersion: v1 -#metadata: -# name: kong-external-dns -# annotations: -# external-dns.alpha.kubernetes.io/hostname: kong.durp.info -#spec: -# type: ExternalName -# externalName: durp.info - ---- - apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: - name: kong-kong-admin + name: kong-kong-proxy namespace: kong spec: entryPoints: - websecure routes: - - match: Host(`kong.durp.info`) && PathPrefix(`/api`) + - match: Host(`kong.durp.info`) && PathPrefix(`/`) kind: Rule services: - - name: kong-kong-admin - port: 8444 + - name: kong-kong-proxy + port: 443 scheme: https tls: secretName: kong-tls --- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute +kind: Service +apiVersion: v1 metadata: - name: kong-kong-manager - namespace: kong + name: kong-external-dns + annotations: + external-dns.alpha.kubernetes.io/hostname: kong.durp.info spec: - entryPoints: - - websecure - routes: - - match: Host(`kong.durp.info`) - kind: Rule - services: - - name: kong-kong-manager - port: 8445 - scheme: https - tls: - secretName: kong-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: kong-developer-tls -spec: - secretName: kong-developer-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "developer.durp.info" - dnsNames: - - "developer.durp.info" - ---- - -#kind: Service -#apiVersion: v1 -#metadata: -# name: kong-developer-external-dns -# annotations: -# external-dns.alpha.kubernetes.io/hostname: developer.durp.info -#spec: -# type: ExternalName -# externalName: durp.info -# ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: kong-kong-portal - namespace: kong -spec: - entryPoints: - - websecure - routes: - - match: Host(`developer.durp.info`) - kind: Rule - services: - - name: kong-kong-portal - port: 8446 - scheme: https - tls: - secretName: kong-developer-tls - ---- - -apiVersion: traefik.containo.us/v1alpha1 
-kind: IngressRoute -metadata: - name: kong-kong-portalapi - namespace: kong -spec: - entryPoints: - - websecure - routes: - - match: Host(`developer.durp.info`) && PathPrefix(`/api`) - kind: Rule - services: - - name: kong-kong-portalapi - port: 8447 - scheme: https - tls: - secretName: kong-developer-tls + type: ExternalName + externalName: durp.info diff --git a/kong/templates/secrets.yaml b/kong/templates/secrets.yaml index 284f0c3..6039c00 100644 --- a/kong/templates/secrets.yaml +++ b/kong/templates/secrets.yaml @@ -29,40 +29,6 @@ spec: key: secrets/kong/tls property: key -#--- -# -#apiVersion: external-secrets.io/v1beta1 -#kind: ExternalSecret -#metadata: -# name: kong-config-secret -#spec: -# secretStoreRef: -# name: vault-kong -# kind: SecretStore -# target: -# name: kong-config-secret -# data: -# - secretKey: admin_gui_session_conf -# remoteRef: -# key: secrets/kong/config -# property: admin_gui_session_conf -# - secretKey: kong_admin_password -# remoteRef: -# key: secrets/kong/config -# property: kong_admin_password -# - secretKey: password -# remoteRef: -# key: secrets/kong/postgres -# property: password -# - secretKey: pg_host -# remoteRef: -# key: secrets/kong/config -# property: pg_host -# - secretKey: portal_session_conf -# remoteRef: -# key: secrets/kong/config -# property: portal_session_conf -# --- apiVersion: external-secrets.io/v1beta1 
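Review bot: The new `kong-kong-proxy` route forwards to port 443 with `scheme: https` but names no `serversTransport`, so how Traefik validates the proxy's certificate is left to global settings that this patch does not show. The same commit deletes `kong/templates/certs.yaml`, the self-signed issuer chain, so it is worth confirming which CA now signs the proxy certificate and that backend verification is not simply switched off; if it is, the Traefik-to-Kong hop is encrypted but unauthenticated. I would pin this on the service entry with `serversTransport: <kong-proxy-transport>` (placeholder name), pointing at a ServersTransport that carries the CA secret and the expected server name. Separately, the re-enabled `kong-external-dns` Service has no `namespace:` while the IngressRoute sets `namespace: kong`; adding `namespace: kong` under its `metadata:` would keep the two consistent. The document that closes just above the hunk's first `---` starts outside the hunk.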
@@ -79,33 +45,3 @@ spec: kubernetes: mountPath: "kubernetes" role: "external-secrets" - ---- - -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: kong-postgresql -spec: - secretStoreRef: - name: vault-kong - kind: SecretStore - target: - name: kong-postgresql - data: - - secretKey: postgres-username - remoteRef: - key: secrets/kong/postgres - property: username - - secretKey: postgres-password - remoteRef: - key: secrets/kong/postgres - property: password - - secretKey: postgres-database - remoteRef: - key: secrets/kong/postgres - property: database - - secretKey: password - remoteRef: - key: secrets/kong/postgres - property: password diff --git a/kong/values-old.yaml b/kong/values-old.yaml deleted file mode 100644 index b9ec57c..0000000 --- a/kong/values-old.yaml +++ /dev/null 
@@ -1,257 +0,0 @@ -kong: - admin: - annotations: - konghq.com/protocol: https - enabled: true - http: - enabled: false - ingress: - enabled: false - tls: - containerPort: 8444 - enabled: true - parameters: - - http2 - servicePort: 8444 - type: ClusterIP - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - dataplane - topologyKey: kubernetes.io/hostname - weight: 100 - certificates: - enabled: true - issuer: quickstart-kong-selfsigned-issuer - cluster: - enabled: true - admin: - enabled: true - commonName: kong.durp.info - portal: - enabled: true - commonName: developer.durp.info - proxy: - enabled: true - commonName: durp.info - dnsNames: - - '*.durp.info' - cluster: - enabled: true - labels: - konghq.com/service: cluster - tls: - containerPort: 8005 - enabled: true - servicePort: 8005 - type: ClusterIP - clustertelemetry: - enabled: true - tls: - containerPort: 8006 - enabled: true - servicePort: 8006 - type: ClusterIP - deployment: - kong: - daemonset: false - enabled: true - enterprise: - enabled: true - license_secret: kong-enterprise-license - portal: - enabled: true - rbac: - admin_api_auth: basic-auth - admin_gui_auth_conf_secret: kong-config-secret - enabled: true - session_conf_secret: kong-config-secret - smtp: - enabled: false - vitals: - enabled: true - env: - admin_access_log: /dev/stdout - admin_api_uri: https://kong.durp.info/api - admin_error_log: /dev/stdout - admin_gui_access_log: /dev/stdout - admin_gui_error_log: /dev/stdout - admin_gui_host: kong.durp.info - admin_gui_protocol: https - admin_gui_url: https://kong.durp.info/ - cluster_data_plane_purge_delay: 60 - cluster_listen: 0.0.0.0:8005 - cluster_telemetry_listen: 0.0.0.0:8006 - database: postgres - log_level: debug - lua_package_path: /opt/?.lua;; - #nginx_worker_processes: "2" - password: - valueFrom: - secretKeyRef: - key: 
kong_admin_password - name: kong-config-secret - pg_database: kong - pg_host: - valueFrom: - secretKeyRef: - key: pg_host - name: kong-config-secret - pg_ssl: "off" - pg_ssl_verify: "off" - pg_user: kong - plugins: bundled,openid-connect - portal: true - portal_api_access_log: /dev/stdout - portal_api_error_log: /dev/stdout - portal_api_url: https://developer.durp.info/api - portal_auth: basic-auth - portal_cors_origins: '*' - portal_gui_access_log: /dev/stdout - portal_gui_error_log: /dev/stdout - portal_gui_host: developer.durp.info - portal_gui_protocol: https - portal_gui_url: https://developer.durp.info/ - portal_session_conf: - valueFrom: - secretKeyRef: - key: portal_session_conf - name: kong-config-secret - prefix: /kong_prefix/ - proxy_access_log: /dev/stdout - proxy_error_log: /dev/stdout - proxy_stream_access_log: /dev/stdout - proxy_stream_error_log: /dev/stdout - smtp_mock: "on" - status_listen: 0.0.0.0:8100 - trusted_ips: 0.0.0.0/0,::/0 - vitals: true - extraLabels: - konghq.com/component: quickstart - image: - repository: kong/kong-gateway - tag: "3.3" - ingressController: - enabled: true - env: - kong_admin_filter_tag: ingress_controller_default - kong_admin_tls_skip_verify: true - kong_admin_token: - valueFrom: - secretKeyRef: - key: password - name: kong-config-secret - kong_admin_url: https://localhost:8444 - kong_workspace: default - publish_service: kong/quickstart-kong-proxy - image: - repository: docker.io/kong/kubernetes-ingress-controller - tag: "2.10" - ingressClass: default - installCRDs: true - manager: - annotations: - konghq.com/protocol: https - enabled: true - http: - containerPort: 8002 - enabled: false - servicePort: 8002 - ingress: - enabled: false - tls: - containerPort: 8445 - enabled: true - parameters: - - http2 - servicePort: 8445 - type: ClusterIP - migrations: - enabled: true - postUpgrade: true - preUpgrade: true - namespace: kong - podAnnotations: - kuma.io/gateway: enabled - portal: - annotations: - konghq.com/protocol: 
https - enabled: true - http: - containerPort: 8003 - enabled: false - servicePort: 8003 - ingress: - enabled: false - tls: - containerPort: 8446 - enabled: true - parameters: - - http2 - servicePort: 8446 - type: ClusterIP - portalapi: - annotations: - konghq.com/protocol: https - enabled: true - http: - enabled: false - ingress: - enabled: false - tls: - containerPort: 8447 - enabled: true - parameters: - - http2 - servicePort: 8447 - type: ClusterIP - postgresql: - enabled: true - auth: - existingSecret: kong-config-secret - secretKeys: - adminPasswordKey: password - userPasswordKey: password - replicationPasswordKey: password - database: kong - username: kong - proxy: - annotations: - prometheus.io/port: "9542" - prometheus.io/scrape: "true" - enabled: true - http: - containerPort: 8080 - enabled: true - hostPort: 80 - ingress: - enabled: false - labels: - enable-metrics: true - tls: - containerPort: 8443 - enabled: true - hostPort: 443 - type: ClusterIP - replicaCount: 1 - secretVolumes: [] - status: - enabled: true - http: - containerPort: 8100 - enabled: true - tls: - containerPort: 8543 - enabled: false - updateStrategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 100% - type: RollingUpdate -