GithubHelp home page GithubHelp logo

Comments (11)

tirelibirefe avatar tirelibirefe commented on June 8, 2024 1

sure

from charts.

pmalek avatar pmalek commented on June 8, 2024

Hi @tirelibirefe

Do you mind attaching the config file that you're trying to use in this configuration so that we can assess what might be wrong with it?

You can always refer to https://docs.konghq.com/gateway/3.4.x/production/deployment-topologies/db-less-and-declarative-config/ for more information on the declarative config schema and how to manage it.

As mentioned in the docs, you can also use deck yourself to check via deck gateway validate what's wrong with your config.

from charts.

tirelibirefe avatar tirelibirefe commented on June 8, 2024

Hello @pmalek
Thanks for your response and feedback.
Here is my values.yaml file:

deployment:
  kong:
    enabled: true
  serviceAccount:
    create: true
    automountServiceAccountToken: false
  test:
    enabled: false
  daemonset: false
  hostNetwork: false
  prefixDir:
    sizeLimit: 256Mi
  tmpDir:
    sizeLimit: 1Gi
env:
  database: "off"
  router_flavor: "traditional"
  nginx_worker_processes: "2"
  proxy_access_log: /dev/stdout
  admin_access_log: /dev/stdout
  admin_gui_access_log: /dev/stdout
  portal_api_access_log: /dev/stdout
  proxy_error_log: /dev/stderr
  admin_error_log: /dev/stderr
  admin_gui_error_log: /dev/stderr
  portal_api_error_log: /dev/stderr
  prefix: /kong_prefix/
  plugins: "bundled,oidc"
extraLabels: {}
image:
  repository: kong
  tag: "3.4"
  effectiveSemver:
  pullPolicy: IfNotPresent
admin:
  enabled: false
  type: ClusterIP
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: false
    servicePort: 8001
    containerPort: 8001
    parameters: []
  tls:
    enabled: true
    servicePort: 8444
    containerPort: 8444
    parameters:
    - http2
    client:
      caBundle: ""
      secretName: ""
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
status:
  enabled: true
  http:
    enabled: true
    containerPort: 8100
    parameters: []
  tls:
    enabled: false
    containerPort: 8543
    parameters: []
clusterCaSecretName: ""
cluster:
  enabled: false
  annotations: {}
  labels: {}
  tls:
    enabled: false
    servicePort: 8005
    containerPort: 8005
    parameters: []
  type: ClusterIP
  loadBalancerClass:
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
proxy:
  enabled: true
  type: ClusterIP
  loadBalancerClass:
  nameOverride: ""
  annotations: {}
  labels:
    enable-metrics: "true"
  http:
    enabled: true
    servicePort: 80
    containerPort: 8000
    parameters: []
  tls:
    enabled: true
    servicePort: 443
    containerPort: 8443
    parameters:
    - http2
  stream: []
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations: {}
    labels: {}
    hostname: newerapi.dev-hub.myawesomecompany.com
    path: /
    pathType: ImplementationSpecific
    hosts: []
udpProxy:
  enabled: false
  type: LoadBalancer
  loadBalancerClass:
  annotations: {}
  labels: {}
  stream: []
plugins: {}
secretVolumes: []
migrations:
  preUpgrade: true
  postUpgrade: true
  annotations:
    sidecar.istio.io/inject: false
  jobAnnotations: {}
  backoffLimit:
  resources: {}
dblessConfig:
  configMap: ""
  secret: ""
  config: |
  _format_version: "1.1"
  services:
    # Example configuration
    - name: noidea.com
      url: http://noidea.com
      routes:
      - name: whatroute
        paths:
        - "/whatpath"
  # Optionally specify any extra sidecar containers to be included in the
  # migration jobs
  # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#container-v1-core
  sidecarContainers:
    - name: sidecar
      image: sidecar:latest
ingressController:
  enabled: false
  image:
    repository: kong/kubernetes-ingress-controller
    tag: "3.0"
    effectiveSemver:
  args: []
  gatewayDiscovery:
    enabled: false
    generateAdminApiService: false
    adminApiService:
      namespace: ""
      name: ""
  watchNamespaces: []
  env:
    kong_admin_tls_skip_verify: true
  admissionWebhook:
    enabled: true
    failurePolicy: Ignore
    port: 8080
    certificate:
      provided: false
    namespaceSelector: {}
    service:
      labels: {}
  ingressClass: kong
  ingressClassAnnotations: {}
  rbac:
    create: true
  livenessProbe:
    httpGet:
      path: "/healthz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 5
    timeoutSeconds: 5
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    httpGet:
      path: "/readyz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 5
    timeoutSeconds: 5
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  resources: {}
  konnect:
    enabled: false
    runtimeGroupID: ""
    apiHostname: "us.kic.api.konghq.com"
    tlsClientCertSecretName: "konnect-client-tls"
    license:
      enabled: false
  adminApi:
    tls:
      client:
        enabled: false
        certProvided: false
        secretName: ""
        caSecretName: ""
postgresql:
  enabled: false
  auth:
    username: kong
    database: kong
  image:
    tag: 13.11.0-debian-11-r20
  service:
    ports:
      postgresql: "5432"
certificates:
  enabled: false
  issuer: ""
  clusterIssuer: ""
  proxy:
    enabled: false
    issuer: ""
    clusterIssuer: ""
    commonName: "app.example"
    dnsNames: []
  admin:
    enabled: true
    issuer: ""
    clusterIssuer: ""
    commonName: "kong.example"
    dnsNames: []
  portal:
    enabled: true
    issuer: ""
    clusterIssuer: ""
    commonName: "developer.example"
    dnsNames: []
  cluster:
    enabled: true
    issuer: ""
    clusterIssuer: ""
    commonName: "kong_clustering"
    dnsNames: []
waitImage:
  enabled: true
  pullPolicy: IfNotPresent
updateStrategy: {}
resources: {}
readinessProbe:
  httpGet:
    path: "/status/ready"
    port: status
    scheme: HTTP
  initialDelaySeconds: 5
  timeoutSeconds: 5
  periodSeconds: 10
  successThreshold: 1
  failureThreshold: 3
livenessProbe:
  httpGet:
    path: "/status"
    port: status
    scheme: HTTP
  initialDelaySeconds: 5
  timeoutSeconds: 5
  periodSeconds: 10
  successThreshold: 1
  failureThreshold: 3
lifecycle:
  preStop:
    exec:
      command:
        - kong
        - quit
        - '--wait=15'
terminationGracePeriodSeconds: 30
tolerations: []
nodeSelector: {}
podAnnotations:
  kuma.io/gateway: enabled
  traffic.sidecar.istio.io/includeInboundPorts: ""
podLabels: {}
replicaCount: 1
deploymentAnnotations: {}
autoscaling:
  enabled: false
  minReplicas: 2
  maxReplicas: 5
  behavior: {}
  targetCPUUtilizationPercentage:
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
podDisruptionBudget:
  enabled: false
podSecurityPolicy:
  enabled: false
  labels: {}
  annotations: {}
  spec:
    privileged: false
    fsGroup:
      rule: RunAsAny
    runAsUser:
      rule: RunAsAny
    runAsGroup:
      rule: RunAsAny
    seLinux:
      rule: RunAsAny
    supplementalGroups:
      rule: RunAsAny
    volumes:
      - 'configMap'
      - 'secret'
      - 'emptyDir'
      - 'projected'
    allowPrivilegeEscalation: false
    hostNetwork: false
    hostIPC: false
    hostPID: false
    readOnlyRootFilesystem: true
priorityClassName: ""
securityContext: {}
containerSecurityContext:
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  runAsUser: 1000
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
    - ALL
serviceMonitor:
  enabled: false
enterprise:
  enabled: false
  vitals:
    enabled: true
  portal:
    enabled: false
  rbac:
    enabled: false
    admin_gui_auth: basic-auth
    session_conf_secret: kong-session-config
    admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret
  smtp:
    enabled: false
    portal_emails_from: [email protected]
    portal_emails_reply_to: [email protected]
    admin_emails_from: [email protected]
    admin_emails_reply_to: [email protected]
    smtp_admin_emails: [email protected]
    smtp_host: smtp.example.com
    smtp_port: 587
    smtp_auth_type: ''
    smtp_ssl: nil
    smtp_starttls: true
    auth:
      smtp_username: ''  # e.g. [email protected]
      smtp_password_secret: CHANGEME-smtp-password
manager:
  enabled: true
  type: ClusterIP
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: true
    servicePort: 8002
    containerPort: 8002
    parameters: []
  tls:
    enabled: false
    servicePort: 8445
    containerPort: 8445
    parameters:
    - http2
  ingress:
    enabled: true
    ingressClassName: nginx
    hostname: kong.dev-hub.myawesomecompany.com
    annotations: {}
    path: /
    pathType: ImplementationSpecific
portal:
  enabled: false
  type: ClusterIP
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: true
    servicePort: 8003
    containerPort: 8003
    parameters: []
  tls:
    enabled: true
    servicePort: 8446
    containerPort: 8446
    parameters:
    - http2
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
portalapi:
  enabled: true
  type: ClusterIP
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: true
    servicePort: 8004
    containerPort: 8004
    parameters: []
  tls:
    enabled: true
    servicePort: 8447
    containerPort: 8447
    parameters:
    - http2
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
clustertelemetry:
  enabled: false
  annotations: {}
  labels: {}
  tls:
    enabled: false
    servicePort: 8006
    containerPort: 8006
    parameters: []
  type: ClusterIP
  loadBalancerClass:
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
extraConfigMaps: []
extraSecrets: []
extraObjects: []

from charts.

pmalek avatar pmalek commented on June 8, 2024

Thanks for sending that over. I'll just comment that helm's values provided by the user are meant to just specify the fields that you want to override. As I can see from the file that you've sent, that seem to be the full (or at least a big portion of it) values.yaml that we provide, with some customizations.

That's not following the best practices of using helm because you may e.g. easily drift with your values and defaults provided by chart maintainers.

So e.g. the last 3 values (and most of the rest as well) don't need to be specified because they are already set to the same values in the chart

charts/charts/kong/values.yaml

Lines 1216 to 1236 in 136deb5

extraConfigMaps: []
# extraConfigMaps:
# - name: my-config-map
# mountPath: /mount/to/my/location
# subPath: my-subpath # Optional, if you wish to mount a single key and not the entire ConfigMap
extraSecrets: []
# extraSecrets:
# - name: my-secret
# mountPath: /mount/to/my/location
# subPath: my-subpath # Optional, if you wish to mount a single key and not the entire ConfigMap
extraObjects: []
# extraObjects:
# - apiVersion: configuration.konghq.com/v1
# kind: KongClusterPlugin
# metadata:
# name: prometheus
# config:
# per_consumer: false
# plugin: prometheus

This way it's also hard to figure out what are the actual user provided values and which are "copy pasted".

from charts.

tirelibirefe avatar tirelibirefe commented on June 8, 2024

Hello @pmalek
Currently I don't need to add anything under extraSecrets, extraConfigMaps, extraObjects etc.

Pods stuck initial state and installation cannot be completed.

The point I would like to access is just to have a working "db-less Kong installation"; "running" pods. I don't want to define any routing, any forwarding, any authentication, any fancy stuff, I don't want to configure anything else at beginning.

Regarding to my minimal expectation, could pls advise a minimal configuration sample? I will be very appreciated.

Thanks

from charts.

pmalek avatar pmalek commented on June 8, 2024

I you want "nothing fancy" and "just make it work" then ingress chart is the way to go:

helm upgrade --install --create-namespace -n kong kong  kong/ingress

Should work out of the box. This will install KIC + Kong Gateway in a dbless setting.

from charts.

pmalek avatar pmalek commented on June 8, 2024

If you'd like to explore example values for either of our charts you can find those in

from charts.

tirelibirefe avatar tirelibirefe commented on June 8, 2024

Hello @pmalek
thanks again for your kindly feedback even if you were mad at me.

this chart enables ingress controller. I don't want to enable ingress controller.

I think I was misunderstood.
I would like to evaluate "apigateway / api management" features of Kong. My purpose is not to have an ingress controller. As I assumed "proxy" is the Kong itself, I don't want to exclude it in my installation.

...anyway, I found the problem.

Indentation is wrong in the example config, I fixed it and it works now.

Thanks & Regards

from charts.

pmalek avatar pmalek commented on June 8, 2024

A simple values file like so should get you going:

image:
  repository: kong/kong-gateway
  tag: "3.4"

admin:
  # Enable creating a Kubernetes service for the admin API
  # Enterprise users that wish to use Kong Manager with the controller should enable this
  enabled: true
  type: NodePort

readinessProbe:
  httpGet:
    # Configure this to get Kong Gateway immediately ready. By default /status/ready is used
    # ref: https://docs.konghq.com/gateway/latest/production/monitoring/readiness-check
    path: "/status"
    port: status
    scheme: HTTP

env:
  database: "off"

ingressController:
  enabled: false

Please note that you have to decide what's your preferred way of configuring the Gateway. This way you can configure it through the Admin API (which in this values.yaml file is configure to be exposed as a NodePort Service).

I hope that helps. Let us know if you have any other questions.

from charts.

tirelibirefe avatar tirelibirefe commented on June 8, 2024

Thank you @pmalek
DBless works and now I am working on "...with external Postgres" option. I have a problem here which I am looking for help.

from charts.

pmalek avatar pmalek commented on June 8, 2024

👍

Can we close this one then?

from charts.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.