diff --git a/stable/kong/Chart.yaml b/stable/kong/Chart.yaml index b39f32021fa5..f296eb8ac7fb 100644 --- a/stable/kong/Chart.yaml +++ b/stable/kong/Chart.yaml @@ -12,5 +12,5 @@ maintainers: name: kong sources: - https://github.com/Kong/kong -version: 0.5.8 +version: 0.6.0 appVersion: 0.14.1 diff --git a/stable/kong/README.md b/stable/kong/README.md index 91e9ac19cd42..aa043a7f1332 100644 --- a/stable/kong/README.md +++ b/stable/kong/README.md @@ -48,46 +48,46 @@ chart and deletes the release. The following table lists the configurable parameters of the Kong chart and their default values. -| Parameter | Description | Default | -| ------------------------------ | -------------------------------------------------------------------- | ------------------- | -| image.repository | Kong image | `kong` | -| image.tag | Kong image version | `0.14.1` | -| image.pullPolicy | Image pull policy | `IfNotPresent` | -| image.pullSecrets | Image pull secrets | `null` | -| replicaCount | Kong instance count | `1` | -| admin.useTLS | Secure Admin traffic | `true` | -| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` | -| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` | -| admin.nodePort | Node port when service type is `NodePort` | | -| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | -| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` | -| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` | -| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | -| admin.ingress.tls | Name of secret resource, containing TLS secret | | -| admin.ingress.hosts | List of ingress hosts. | `[]` | -| admin.ingress.path | Ingress path. | `/` | -| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | -| proxy.useTLS | Secure Proxy traffic | `true` | -| proxy.servicePort | TCP port on which the Kong Proxy Service is exposed | `8443` | -| proxy.containerPort | TCP port on which the Kong app listens for Proxy traffic | `8443` | -| proxy.nodePort | Node port when service type is `NodePort` | | -| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | -| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | | -| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` | -| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | -| proxy.ingress.tls | Name of secret resource, containing TLS secret | | -| proxy.ingress.hosts | List of ingress hosts. | `[]` | -| proxy.ingress.path | Ingress path. | `/` | -| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | -| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | -| runMigrations | Run Kong migrations job | `true` | -| readinessProbe | Kong readiness probe | | -| livenessProbe | Kong liveness probe | | -| affinity | Node/pod affinities | | -| nodeSelector | Node labels for pod assignment | `{}` | -| podAnnotations | Annotations to add to each pod | `{}` | -| resources | Pod resource requests & limits | `{}` | -| tolerations | List of node taints to tolerate | `[]` | +| Parameter | Description | Default | +| ------------------------------ | -------------------------------------------------------------------------------- | ------------------- | +| image.repository | Kong image | `kong` | +| image.tag | Kong image version | `0.14.1` | +| image.pullPolicy | Image pull policy | `IfNotPresent` | +| image.pullSecrets | Image pull secrets | `null` | +| replicaCount | Kong instance count | `1` | +| admin.useTLS | Secure Admin traffic | `true` | +| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` | +| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` | +| admin.nodePort | Node port when service type is `NodePort` | | +| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | +| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` | +| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` | +| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | +| admin.ingress.tls | Name of secret resource, containing TLS secret | | +| admin.ingress.hosts | List of ingress hosts. | `[]` | +| admin.ingress.path | Ingress path. | `/` | +| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | +| proxy.useTLS | Secure Proxy traffic | `true` | +| proxy.servicePort | TCP port on which the Kong Proxy Service is exposed | `8443` | +| proxy.containerPort | TCP port on which the Kong app listens for Proxy traffic | `8443` | +| proxy.nodePort | Node port when service type is `NodePort` | | +| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | +| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` | +| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | | +| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` | +| proxy.ingress.tls | Name of secret resource, containing TLS secret | | +| proxy.ingress.hosts | List of ingress hosts. | `[]` | +| proxy.ingress.path | Ingress path. | `/` | +| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | +| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | | +| runMigrations | Run Kong migrations job | `true` | +| readinessProbe | Kong readiness probe | | +| livenessProbe | Kong liveness probe | | +| affinity | Node/pod affinities | | +| nodeSelector | Node labels for pod assignment | `{}` | +| podAnnotations | Annotations to add to each pod | `{}` | +| resources | Pod resource requests & limits | `{}` | +| tolerations | List of node taints to tolerate | `[]` | ### Kong-specific parameters @@ -127,10 +127,53 @@ $ helm install stable/kong --name my-release \ --set=image.tag=0.11.2,env.database=cassandra,cassandra.enabled=true ``` -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, +Alternatively, a YAML file that specifies the values for the above parameters +can be provided while installing the chart. For example, ```console $ helm install stable/kong --name my-release -f values.yaml ``` > **Tip**: You can use the default [values.yaml](values.yaml) + +### Kong Ingress Controller + +Kong Ingress Controller's primary purpose is to satisfy Ingress resources +created in your Kubernetes cluster. +It uses CRDs for more fine grained control over routing and +for Kong specific configuration. +To deploy the ingress controller together with +kong run the following command: + +```bash +helm install stable/kong \ + --set ingressController.enabled=true \ + --set admin.useTLS=false \ + --set readinessProbe.httpGet.scheme=HTTP \ + --set livenessProbe.httpGet.scheme=HTTP +``` + +**Note**: Kong Ingress controller doesn't support custom SSL certificates +on Admin port. We will be removing this limitation in the future. + +Kong ingress controller relies on several Custom Resource Definition objects to +declare the the Kong configurations and synchronize the configuration with the +Kong admin API. Each of this new objects declared in Kubernetes have a +one-to-one relation with a Kong resource. +The custom resources are: +- KongConsumer +- KongCredential +- kongPlugin +- KongIngress + +You can can learn about kong ingress custom resource definitions here: +https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/custom-types.md + +| Parameter | Description | Default | +| --------------- | ----------------------------------------- | ---------------------------------------------------------------------------- | +| enabled | Deploy the ingress controller, rbac and crd | false | +| replicaCount | Number of desired ingress controllers | 1 | +| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller | +| image.tag | Version of the ingress controller | 0.2.0 | +| readinessProbe | Kong ingress controllers readiness probe | | +| livenessProbe | Kong ingress controllers liveness probe | | diff --git a/stable/kong/ci/ingressController-values.yaml b/stable/kong/ci/ingressController-values.yaml new file mode 100644 index 000000000000..7939a32c4f04 --- /dev/null +++ b/stable/kong/ci/ingressController-values.yaml @@ -0,0 +1,14 @@ +# CI test for Ingress controller basic installation + +admin: + useTLS: false + +readinessProbe: + httpGet: + scheme: HTTP +livenessProbe: + httpGet: + scheme: HTTP + +ingressController: + enabled: true diff --git a/stable/kong/kong-0.5.7.tgz b/stable/kong/kong-0.5.7.tgz deleted file mode 100644 index cf3a74d53a99..000000000000 Binary files a/stable/kong/kong-0.5.7.tgz and /dev/null differ diff --git a/stable/kong/templates/_helpers.tpl b/stable/kong/templates/_helpers.tpl index ff4bc88517d0..d3a3d2152314 100644 --- a/stable/kong/templates/_helpers.tpl +++ b/stable/kong/templates/_helpers.tpl @@ -22,3 +22,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- $name := default "cassandra" .Values.cassandra.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kong.serviceAccountName" -}} +{{- if .Values.ingressController.serviceAccount.create -}} + {{ default (include "kong.fullname" .) .Values.ingressController.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/stable/kong/templates/controller-cluster-role.yaml b/stable/kong/templates/controller-cluster-role.yaml new file mode 100644 index 000000000000..2a4bc808d5ae --- /dev/null +++ b/stable/kong/templates/controller-cluster-role.yaml @@ -0,0 +1,68 @@ +{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ template "kong.fullname" . }} +rules: + - apiGroups: + - "" + resources: + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "extensions" + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - "configuration.konghq.com" + resources: + - kongplugins + - kongcredentials + - kongconsumers + - kongingresses + verbs: + - get + - list + - watch +{{- end -}} diff --git a/stable/kong/templates/controller-deployment.yaml b/stable/kong/templates/controller-deployment.yaml new file mode 100644 index 000000000000..9fb14763d952 --- /dev/null +++ b/stable/kong/templates/controller-deployment.yaml @@ -0,0 +1,147 @@ +{{- if .Values.ingressController.enabled -}} +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: "{{ template "kong.fullname" . }}-controller" + labels: + app: "{{ template "kong.name" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: "controller" +spec: + replicas: {{ .Values.ingressController.replicaCount }} + selector: + matchLabels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: "controller" + template: + metadata: + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: "controller" + spec: + serviceAccountName: {{ template "kong.serviceAccountName" . }} +{{- if .Values.image.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.image.imagePullSecrets }} +{{- end }} + initContainers: + - name: wait-for-db + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: KONG_PROXY_ACCESS_LOG + value: "/dev/stdout" + - name: KONG_ADMIN_ACCESS_LOG + value: "/dev/stdout" + - name: KONG_PROXY_ERROR_LOG + value: "/dev/stderr" + - name: KONG_ADMIN_ERROR_LOG + value: "/dev/stderr" + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgres-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + command: [ "/bin/sh", "-c", "until kong start; do echo 'waiting for db'; sleep 1; done; kong stop" ] + containers: + - name: admin-api + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: KONG_PROXY_LISTEN + value: 'off' + - name: KONG_ADMIN_ACCESS_LOG + value: "/dev/stdout" + - name: KONG_ADMIN_ERROR_LOG + value: "/dev/stderr" + {{- if .Values.admin.useTLS }} + - name: KONG_ADMIN_LISTEN + value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl" + {{- else }} + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:{{ .Values.admin.containerPort }} + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgres-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + ports: + - name: admin + containerPort: {{ .Values.admin.containerPort }} + protocol: TCP + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + resources: +{{ toYaml .Values.resources | indent 10 }} + - name: ingress-controller + args: + - /kong-ingress-controller + # the kong URL points to the kong admin api server + - --kong-url=http://localhost:{{ .Values.admin.containerPort }} + # the default service is the kong proxy service + - --default-backend-service={{ .Release.Namespace }}/{{ template "kong.fullname" . }}-proxy + # Service from were we extract the IP address/es to use in Ingress status + - --publish-service={{ .Release.Namespace }}/{{ template "kong.fullname" . }}-proxy + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.ingressController.image.repository }}:{{ .Values.ingressController.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: +{{ toYaml .Values.ingressController.resources | indent 10 }} +{{- end -}} diff --git a/stable/kong/templates/controller-rbac-cluster-role-binding.yaml b/stable/kong/templates/controller-rbac-cluster-role-binding.yaml new file mode 100644 index 000000000000..2e4e7526f008 --- /dev/null +++ b/stable/kong/templates/controller-rbac-cluster-role-binding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kong.fullname" . }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kong.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kong.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/stable/kong/templates/controller-rbac-role-binding.yaml b/stable/kong/templates/controller-rbac-role-binding.yaml new file mode 100644 index 000000000000..28d6855cd502 --- /dev/null +++ b/stable/kong/templates/controller-rbac-role-binding.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ template "kong.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kong.fullname" . }} + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: {{ template "kong.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/stable/kong/templates/controller-rbac-role.yaml b/stable/kong/templates/controller-rbac-role.yaml new file mode 100644 index 000000000000..c52802c7d9b3 --- /dev/null +++ b/stable/kong/templates/controller-rbac-role.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ template "kong.fullname" . }} + namespace: {{ .Release.namespace }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + # Defaults to "-" + # Here: "-" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. + - "ingress-controller-leader-nginx" + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- end -}} diff --git a/stable/kong/templates/controller-service-account.yaml b/stable/kong/templates/controller-service-account.yaml new file mode 100644 index 000000000000..050b860755cf --- /dev/null +++ b/stable/kong/templates/controller-service-account.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.ingressController.enabled .Values.ingressController.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kong.serviceAccountName" . }} + namespace: {{ .Release.namespace }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- end -}} diff --git a/stable/kong/templates/crd-kongconsumer.yaml b/stable/kong/templates/crd-kongconsumer.yaml new file mode 100644 index 000000000000..10d1b23acea9 --- /dev/null +++ b/stable/kong/templates/crd-kongconsumer.yaml @@ -0,0 +1,18 @@ +{{- if .Values.ingressController.enabled -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kongconsumers.configuration.konghq.com + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + group: configuration.konghq.com + version: v1 + scope: Namespaced + names: + kind: KongConsumer + plural: kongconsumers +{{- end -}} diff --git a/stable/kong/templates/crd-kongcredential.yaml b/stable/kong/templates/crd-kongcredential.yaml new file mode 100644 index 000000000000..5cc4f5204e84 --- /dev/null +++ b/stable/kong/templates/crd-kongcredential.yaml @@ -0,0 +1,18 @@ +{{- if .Values.ingressController.enabled -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kongcredentials.configuration.konghq.com + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + group: configuration.konghq.com + version: v1 + scope: Namespaced + names: + kind: KongCredential + plural: kongcredentials +{{- end -}} diff --git a/stable/kong/templates/crd-kongingress.yaml b/stable/kong/templates/crd-kongingress.yaml new file mode 100644 index 000000000000..f60ef1375903 --- /dev/null +++ b/stable/kong/templates/crd-kongingress.yaml @@ -0,0 +1,18 @@ +{{- if .Values.ingressController.enabled -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kongingresses.configuration.konghq.com + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + group: configuration.konghq.com + version: v1 + scope: Namespaced + names: + kind: KongIngress + plural: kongingresses +{{- end -}} diff --git a/stable/kong/templates/crd-kongplugins.yaml b/stable/kong/templates/crd-kongplugins.yaml new file mode 100644 index 000000000000..79db02f60131 --- /dev/null +++ b/stable/kong/templates/crd-kongplugins.yaml @@ -0,0 +1,18 @@ +{{- if .Values.ingressController.enabled -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kongplugins.configuration.konghq.com + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + group: configuration.konghq.com + version: v1 + scope: Namespaced + names: + kind: KongPlugin + plural: kongplugins +{{- end -}} diff --git a/stable/kong/values.yaml b/stable/kong/values.yaml index 0062b8aeae96..7ebf49823d42 100644 --- a/stable/kong/values.yaml +++ b/stable/kong/values.yaml @@ -152,3 +152,44 @@ postgresql: postgresDatabase: kong service: port: 5432 + +# Kong Ingress Controller's primary purpose is to satisfy Ingress resources +# created in k8s. It uses CRDs for more fine grained control over routing and +# for Kong specific configuration. +ingressController: + enabled: false + image: + repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller + tag: 0.2.0 + replicaCount: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + rbac: + # Specifies whether RBAC resources should be created + create: true + + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: