Comments (11)
sure
from charts.
Do you mind attaching the config file that you're trying to use in this configuration so that we can assess what might be wrong with it?
You can always refer to https://docs.konghq.com/gateway/3.4.x/production/deployment-topologies/db-less-and-declarative-config/ for more information on the declarative config schema and how to manage it.
As mentioned in the docs, you can also use deck yourself to check via deck gateway validate
what's wrong with your config.
from charts.
Hello @pmalek
Thanks for your response and feedback.
Here is my values.yaml file:
deployment:
kong:
enabled: true
serviceAccount:
create: true
automountServiceAccountToken: false
test:
enabled: false
daemonset: false
hostNetwork: false
prefixDir:
sizeLimit: 256Mi
tmpDir:
sizeLimit: 1Gi
env:
database: "off"
router_flavor: "traditional"
nginx_worker_processes: "2"
proxy_access_log: /dev/stdout
admin_access_log: /dev/stdout
admin_gui_access_log: /dev/stdout
portal_api_access_log: /dev/stdout
proxy_error_log: /dev/stderr
admin_error_log: /dev/stderr
admin_gui_error_log: /dev/stderr
portal_api_error_log: /dev/stderr
prefix: /kong_prefix/
plugins: "bundled,oidc"
extraLabels: {}
image:
repository: kong
tag: "3.4"
effectiveSemver:
pullPolicy: IfNotPresent
admin:
enabled: false
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: false
servicePort: 8001
containerPort: 8001
parameters: []
tls:
enabled: true
servicePort: 8444
containerPort: 8444
parameters:
- http2
client:
caBundle: ""
secretName: ""
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
status:
enabled: true
http:
enabled: true
containerPort: 8100
parameters: []
tls:
enabled: false
containerPort: 8543
parameters: []
clusterCaSecretName: ""
cluster:
enabled: false
annotations: {}
labels: {}
tls:
enabled: false
servicePort: 8005
containerPort: 8005
parameters: []
type: ClusterIP
loadBalancerClass:
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
proxy:
enabled: true
type: ClusterIP
loadBalancerClass:
nameOverride: ""
annotations: {}
labels:
enable-metrics: "true"
http:
enabled: true
servicePort: 80
containerPort: 8000
parameters: []
tls:
enabled: true
servicePort: 443
containerPort: 8443
parameters:
- http2
stream: []
ingress:
enabled: true
ingressClassName: nginx
annotations: {}
labels: {}
hostname: newerapi.dev-hub.myawesomecompany.com
path: /
pathType: ImplementationSpecific
hosts: []
udpProxy:
enabled: false
type: LoadBalancer
loadBalancerClass:
annotations: {}
labels: {}
stream: []
plugins: {}
secretVolumes: []
migrations:
preUpgrade: true
postUpgrade: true
annotations:
sidecar.istio.io/inject: false
jobAnnotations: {}
backoffLimit:
resources: {}
dblessConfig:
configMap: ""
secret: ""
config: |
_format_version: "1.1"
services:
# Example configuration
- name: noidea.com
url: http://noidea.com
routes:
- name: whatroute
paths:
- "/whatpath"
# Optionally specify any extra sidecar containers to be included in the
# migration jobs
# See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#container-v1-core
sidecarContainers:
- name: sidecar
image: sidecar:latest
ingressController:
enabled: false
image:
repository: kong/kubernetes-ingress-controller
tag: "3.0"
effectiveSemver:
args: []
gatewayDiscovery:
enabled: false
generateAdminApiService: false
adminApiService:
namespace: ""
name: ""
watchNamespaces: []
env:
kong_admin_tls_skip_verify: true
admissionWebhook:
enabled: true
failurePolicy: Ignore
port: 8080
certificate:
provided: false
namespaceSelector: {}
service:
labels: {}
ingressClass: kong
ingressClassAnnotations: {}
rbac:
create: true
livenessProbe:
httpGet:
path: "/healthz"
port: 10254
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: "/readyz"
port: 10254
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources: {}
konnect:
enabled: false
runtimeGroupID: ""
apiHostname: "us.kic.api.konghq.com"
tlsClientCertSecretName: "konnect-client-tls"
license:
enabled: false
adminApi:
tls:
client:
enabled: false
certProvided: false
secretName: ""
caSecretName: ""
postgresql:
enabled: false
auth:
username: kong
database: kong
image:
tag: 13.11.0-debian-11-r20
service:
ports:
postgresql: "5432"
certificates:
enabled: false
issuer: ""
clusterIssuer: ""
proxy:
enabled: false
issuer: ""
clusterIssuer: ""
commonName: "app.example"
dnsNames: []
admin:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "kong.example"
dnsNames: []
portal:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "developer.example"
dnsNames: []
cluster:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "kong_clustering"
dnsNames: []
waitImage:
enabled: true
pullPolicy: IfNotPresent
updateStrategy: {}
resources: {}
readinessProbe:
httpGet:
path: "/status/ready"
port: status
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
livenessProbe:
httpGet:
path: "/status"
port: status
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
lifecycle:
preStop:
exec:
command:
- kong
- quit
- '--wait=15'
terminationGracePeriodSeconds: 30
tolerations: []
nodeSelector: {}
podAnnotations:
kuma.io/gateway: enabled
traffic.sidecar.istio.io/includeInboundPorts: ""
podLabels: {}
replicaCount: 1
deploymentAnnotations: {}
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
behavior: {}
targetCPUUtilizationPercentage:
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
podDisruptionBudget:
enabled: false
podSecurityPolicy:
enabled: false
labels: {}
annotations: {}
spec:
privileged: false
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
runAsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- 'configMap'
- 'secret'
- 'emptyDir'
- 'projected'
allowPrivilegeEscalation: false
hostNetwork: false
hostIPC: false
hostPID: false
readOnlyRootFilesystem: true
priorityClassName: ""
securityContext: {}
containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsUser: 1000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
serviceMonitor:
enabled: false
enterprise:
enabled: false
vitals:
enabled: true
portal:
enabled: false
rbac:
enabled: false
admin_gui_auth: basic-auth
session_conf_secret: kong-session-config
admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret
smtp:
enabled: false
portal_emails_from: [email protected]
portal_emails_reply_to: [email protected]
admin_emails_from: [email protected]
admin_emails_reply_to: [email protected]
smtp_admin_emails: [email protected]
smtp_host: smtp.example.com
smtp_port: 587
smtp_auth_type: ''
smtp_ssl: nil
smtp_starttls: true
auth:
smtp_username: '' # e.g. [email protected]
smtp_password_secret: CHANGEME-smtp-password
manager:
enabled: true
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8002
containerPort: 8002
parameters: []
tls:
enabled: false
servicePort: 8445
containerPort: 8445
parameters:
- http2
ingress:
enabled: true
ingressClassName: nginx
hostname: kong.dev-hub.myawesomecompany.com
annotations: {}
path: /
pathType: ImplementationSpecific
portal:
enabled: false
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8003
containerPort: 8003
parameters: []
tls:
enabled: true
servicePort: 8446
containerPort: 8446
parameters:
- http2
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
portalapi:
enabled: true
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8004
containerPort: 8004
parameters: []
tls:
enabled: true
servicePort: 8447
containerPort: 8447
parameters:
- http2
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
clustertelemetry:
enabled: false
annotations: {}
labels: {}
tls:
enabled: false
servicePort: 8006
containerPort: 8006
parameters: []
type: ClusterIP
loadBalancerClass:
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
extraConfigMaps: []
extraSecrets: []
extraObjects: []
from charts.
Thanks for sending that over. I'll just comment that helm's values provided by the user are meant to just specify the fields that you want to override. As I can see from the file that you've sent, that seem to be the full (or at least a big portion of it) values.yaml that we provide, with some customizations.
That's not following the best practices of using helm because you may e.g. easily drift with your values and defaults provided by chart maintainers.
So e.g. the last 3 values (and most of the rest as well) don't need to be specified because they are already set to the same values in the chart
charts/charts/kong/values.yaml
Lines 1216 to 1236 in 136deb5
This way it's also hard to figure out what are the actual user provided values and which are "copy pasted".
from charts.
Hello @pmalek
Currently I don't need to add anything under extraSecrets, extraConfigMaps, extraObjects etc.
Pods stuck initial state and installation cannot be completed.
The point I would like to access is just to have a working "db-less Kong installation"; "running" pods. I don't want to define any routing, any forwarding, any authentication, any fancy stuff, I don't want to configure anything else at beginning.
Regarding to my minimal expectation, could pls advise a minimal configuration sample? I will be very appreciated.
Thanks
from charts.
I you want "nothing fancy" and "just make it work" then ingress chart is the way to go:
helm upgrade --install --create-namespace -n kong kong kong/ingress
Should work out of the box. This will install KIC + Kong Gateway in a dbless setting.
from charts.
If you'd like to explore example values for either of our charts you can find those in
- https://github.com/Kong/charts/tree/main/charts/kong/example-values for
kong
chart - https://github.com/Kong/charts/tree/main/charts/ingress/example-values for
ingress
chart.
from charts.
Hello @pmalek
thanks again for your kindly feedback even if you were mad at me.
this chart enables ingress controller. I don't want to enable ingress controller.
I think I was misunderstood.
I would like to evaluate "apigateway / api management" features of Kong. My purpose is not to have an ingress controller. As I assumed "proxy" is the Kong itself, I don't want to exclude it in my installation.
...anyway, I found the problem.
Indentation is wrong in the example config, I fixed it and it works now.
Thanks & Regards
from charts.
A simple values file like so should get you going:
image:
repository: kong/kong-gateway
tag: "3.4"
admin:
# Enable creating a Kubernetes service for the admin API
# Enterprise users that wish to use Kong Manager with the controller should enable this
enabled: true
type: NodePort
readinessProbe:
httpGet:
# Configure this to get Kong Gateway immediately ready. By default /status/ready is used
# ref: https://docs.konghq.com/gateway/latest/production/monitoring/readiness-check
path: "/status"
port: status
scheme: HTTP
env:
database: "off"
ingressController:
enabled: false
Please note that you have to decide what's your preferred way of configuring the Gateway. This way you can configure it through the Admin API (which in this values.yaml file is configure to be exposed as a NodePort
Service).
I hope that helps. Let us know if you have any other questions.
from charts.
Thank you @pmalek
DBless works and now I am working on "...with external Postgres" option. I have a problem here which I am looking for help.
from charts.
👍
Can we close this one then?
from charts.
Related Issues (20)
- "kong stop" in wait-for-db command prevents init container from exiting gracefully, suggest kong quit" HOT 2
- Upgrade PostgreSQL dependency version
- runAsUser: 1000 in securityContext causes error in Openshift HOT 5
- Service monitor scraping both status port of ingress pod HOT 5
- Kong chart cannot be deployed with ArgoCD / Kustomize HOT 7
- request-size-limiting http2 requests are not supported without content-length header HOT 1
- no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" HOT 2
- How to increase kong's timeout time HOT 1
- From OpenSource Kong to Kong Plus in Kubernetes (AKS) HOT 1
- kong ingress controller helm chart overwrite values to subcharts now working 0.12.0 HOT 2
- Unable to login to Kong Manager with DB-less Kubernetes deployment HOT 1
- How to deploy Kong successfully without enabling ingress controller or load balancer
- Kubernetes Ingress Controller upgrade issue HOT 1
- Kong manager password HOT 10
- `helm template kong kong/ingress` does not produce the same output like `helm template kong kong/ingress --validate` HOT 1
- kong ingress duplicate CRD installation HOT 2
- No metrics from kong-controller HOT 2
- Kong unable to fetch JWT credentials HOT 4
- Run golden tests for KGO chart
- ingressController.konnect.tlsClientCertSecretName: wrong naming
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from charts.