DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
DeveloperDurp
2023-07-16 13:47:20 -05:00
parent e0772a65d3
commit ce21625671
4 changed files with 11 additions and 455 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
kong/templates/certs.yaml
View File

@@ -1,36 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: quickstart-kong-selfsigned-issuer-root
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: quickstart-kong-selfsigned-issuer-ca
spec:
commonName: quickstart-kong-selfsigned-issuer-ca
duration: 2160h0m0s
isCA: true
issuerRef:
group: cert-manager.io
kind: Issuer
name: quickstart-kong-selfsigned-issuer-root
privateKey:
algorithm: ECDSA
size: 256
renewBefore: 360h0m0s
secretName: quickstart-kong-selfsigned-issuer-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: quickstart-kong-selfsigned-issuer
spec:
ca:
secretName: quickstart-kong-selfsigned-issuer-ca

109
kong/templates/ingress.yaml
View File

@@ -13,119 +13,32 @@ spec:
--- ---
#kind: Service
#apiVersion: v1
#metadata:
# name: kong-external-dns
# annotations:
# external-dns.alpha.kubernetes.io/hostname: kong.durp.info
#spec:
# type: ExternalName
# externalName: durp.info
---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: kong-kong-admin name: kong-kong-proxy
namespace: kong namespace: kong
spec: spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`kong.durp.info`) && PathPrefix(`/api`) - match: Host(`kong.durp.info`) && PathPrefix(`/`)
kind: Rule kind: Rule
services: services:
- name: kong-kong-admin - name: kong-kong-proxy
port: 8444 port: 443
scheme: https scheme: https
tls: tls:
secretName: kong-tls secretName: kong-tls
--- ---
apiVersion: traefik.containo.us/v1alpha1 kind: Service
kind: IngressRoute apiVersion: v1
metadata: metadata:
name: kong-kong-manager name: kong-external-dns
namespace: kong annotations:
external-dns.alpha.kubernetes.io/hostname: kong.durp.info
spec: spec:
entryPoints: type: ExternalName
- websecure externalName: durp.info
routes:
- match: Host(`kong.durp.info`)
kind: Rule
services:
- name: kong-kong-manager
port: 8445
scheme: https
tls:
secretName: kong-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kong-developer-tls
spec:
secretName: kong-developer-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "developer.durp.info"
dnsNames:
- "developer.durp.info"
---
#kind: Service
#apiVersion: v1
#metadata:
# name: kong-developer-external-dns
# annotations:
# external-dns.alpha.kubernetes.io/hostname: developer.durp.info
#spec:
# type: ExternalName
# externalName: durp.info
#
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kong-kong-portal
namespace: kong
spec:
entryPoints:
- websecure
routes:
- match: Host(`developer.durp.info`)
kind: Rule
services:
- name: kong-kong-portal
port: 8446
scheme: https
tls:
secretName: kong-developer-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kong-kong-portalapi
namespace: kong
spec:
entryPoints:
- websecure
routes:
- match: Host(`developer.durp.info`) && PathPrefix(`/api`)
kind: Rule
services:
- name: kong-kong-portalapi
port: 8447
scheme: https
tls:
secretName: kong-developer-tls

64
kong/templates/secrets.yaml
View File

@@ -29,40 +29,6 @@ spec:
key: secrets/kong/tls key: secrets/kong/tls
property: key property: key
#---
#
#apiVersion: external-secrets.io/v1beta1
#kind: ExternalSecret
#metadata:
# name: kong-config-secret
#spec:
# secretStoreRef:
# name: vault-kong
# kind: SecretStore
# target:
# name: kong-config-secret
# data:
# - secretKey: admin_gui_session_conf
# remoteRef:
# key: secrets/kong/config
# property: admin_gui_session_conf
# - secretKey: kong_admin_password
# remoteRef:
# key: secrets/kong/config
# property: kong_admin_password
# - secretKey: password
# remoteRef:
# key: secrets/kong/postgres
# property: password
# - secretKey: pg_host
# remoteRef:
# key: secrets/kong/config
# property: pg_host
# - secretKey: portal_session_conf
# remoteRef:
# key: secrets/kong/config
# property: portal_session_conf
#
--- ---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
@@ -79,33 +45,3 @@ spec:
kubernetes: kubernetes:
mountPath: "kubernetes" mountPath: "kubernetes"
role: "external-secrets" role: "external-secrets"
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kong-postgresql
spec:
secretStoreRef:
name: vault-kong
kind: SecretStore
target:
name: kong-postgresql
data:
- secretKey: postgres-username
remoteRef:
key: secrets/kong/postgres
property: username
- secretKey: postgres-password
remoteRef:
key: secrets/kong/postgres
property: password
- secretKey: postgres-database
remoteRef:
key: secrets/kong/postgres
property: database
- secretKey: password
remoteRef:
key: secrets/kong/postgres
property: password

257
kong/values-old.yaml
View File

@@ -1,257 +0,0 @@
kong:
admin:
annotations:
konghq.com/protocol: https
enabled: true
http:
enabled: false
ingress:
enabled: false
tls:
containerPort: 8444
enabled: true
parameters:
- http2
servicePort: 8444
type: ClusterIP
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- dataplane
topologyKey: kubernetes.io/hostname
weight: 100
certificates:
enabled: true
issuer: quickstart-kong-selfsigned-issuer
cluster:
enabled: true
admin:
enabled: true
commonName: kong.durp.info
portal:
enabled: true
commonName: developer.durp.info
proxy:
enabled: true
commonName: durp.info
dnsNames:
- '*.durp.info'
cluster:
enabled: true
labels:
konghq.com/service: cluster
tls:
containerPort: 8005
enabled: true
servicePort: 8005
type: ClusterIP
clustertelemetry:
enabled: true
tls:
containerPort: 8006
enabled: true
servicePort: 8006
type: ClusterIP
deployment:
kong:
daemonset: false
enabled: true
enterprise:
enabled: true
license_secret: kong-enterprise-license
portal:
enabled: true
rbac:
admin_api_auth: basic-auth
admin_gui_auth_conf_secret: kong-config-secret
enabled: true
session_conf_secret: kong-config-secret
smtp:
enabled: false
vitals:
enabled: true
env:
admin_access_log: /dev/stdout
admin_api_uri: https://kong.durp.info/api
admin_error_log: /dev/stdout
admin_gui_access_log: /dev/stdout
admin_gui_error_log: /dev/stdout
admin_gui_host: kong.durp.info
admin_gui_protocol: https
admin_gui_url: https://kong.durp.info/
cluster_data_plane_purge_delay: 60
cluster_listen: 0.0.0.0:8005
cluster_telemetry_listen: 0.0.0.0:8006
database: postgres
log_level: debug
lua_package_path: /opt/?.lua;;
#nginx_worker_processes: "2"
password:
valueFrom:
secretKeyRef:
key: kong_admin_password
name: kong-config-secret
pg_database: kong
pg_host:
valueFrom:
secretKeyRef:
key: pg_host
name: kong-config-secret
pg_ssl: "off"
pg_ssl_verify: "off"
pg_user: kong
plugins: bundled,openid-connect
portal: true
portal_api_access_log: /dev/stdout
portal_api_error_log: /dev/stdout
portal_api_url: https://developer.durp.info/api
portal_auth: basic-auth
portal_cors_origins: '*'
portal_gui_access_log: /dev/stdout
portal_gui_error_log: /dev/stdout
portal_gui_host: developer.durp.info
portal_gui_protocol: https
portal_gui_url: https://developer.durp.info/
portal_session_conf:
valueFrom:
secretKeyRef:
key: portal_session_conf
name: kong-config-secret
prefix: /kong_prefix/
proxy_access_log: /dev/stdout
proxy_error_log: /dev/stdout
proxy_stream_access_log: /dev/stdout
proxy_stream_error_log: /dev/stdout
smtp_mock: "on"
status_listen: 0.0.0.0:8100
trusted_ips: 0.0.0.0/0,::/0
vitals: true
extraLabels:
konghq.com/component: quickstart
image:
repository: kong/kong-gateway
tag: "3.3"
ingressController:
enabled: true
env:
kong_admin_filter_tag: ingress_controller_default
kong_admin_tls_skip_verify: true
kong_admin_token:
valueFrom:
secretKeyRef:
key: password
name: kong-config-secret
kong_admin_url: https://localhost:8444
kong_workspace: default
publish_service: kong/quickstart-kong-proxy
image:
repository: docker.io/kong/kubernetes-ingress-controller
tag: "2.10"
ingressClass: default
installCRDs: true
manager:
annotations:
konghq.com/protocol: https
enabled: true
http:
containerPort: 8002
enabled: false
servicePort: 8002
ingress:
enabled: false
tls:
containerPort: 8445
enabled: true
parameters:
- http2
servicePort: 8445
type: ClusterIP
migrations:
enabled: true
postUpgrade: true
preUpgrade: true
namespace: kong
podAnnotations:
kuma.io/gateway: enabled
portal:
annotations:
konghq.com/protocol: https
enabled: true
http:
containerPort: 8003
enabled: false
servicePort: 8003
ingress:
enabled: false
tls:
containerPort: 8446
enabled: true
parameters:
- http2
servicePort: 8446
type: ClusterIP
portalapi:
annotations:
konghq.com/protocol: https
enabled: true
http:
enabled: false
ingress:
enabled: false
tls:
containerPort: 8447
enabled: true
parameters:
- http2
servicePort: 8447
type: ClusterIP
postgresql:
enabled: true
auth:
existingSecret: kong-config-secret
secretKeys:
adminPasswordKey: password
userPasswordKey: password
replicationPasswordKey: password
database: kong
username: kong
proxy:
annotations:
prometheus.io/port: "9542"
prometheus.io/scrape: "true"
enabled: true
http:
containerPort: 8080
enabled: true
hostPort: 80
ingress:
enabled: false
labels:
enable-metrics: true
tls:
containerPort: 8443
enabled: true
hostPort: 443
type: ClusterIP
replicaCount: 1
secretVolumes: []
status:
enabled: true
http:
containerPort: 8100
enabled: true
tls:
containerPort: 8543
enabled: false
updateStrategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 100%
type: RollingUpdate