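---
# Public entry point: an AWS Network Load Balancer (TCP pass-through) in front
# of the Kong proxy pods selected by app=ingress-kong.
apiVersion: v1
kind: Service
metadata:
  name: kong-proxy
  namespace: kong
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app: ingress-kong
  # NOTE(review): targetPort 31080/31443 match no containerPort or
  # KONG_PROXY_LISTEN address in the Deployment below (Kong listens on 80/443).
  # Confirm whether these were meant to be nodePort values; left unchanged.
  ports:
    - name: proxy
      port: 80
      protocol: TCP
      targetPort: 31080
    - name: proxy-ssl
      port: 443
      protocol: TCP
      targetPort: 31443
---
# ClusterIP Service for the admission webhook.
# NOTE(review): no container in the Deployment below declares port 8080 or an
# admission-webhook listener; verify what answers on 8080 before an admission
# configuration is pointed at this Service.
apiVersion: v1
kind: Service
metadata:
  name: kong-validation-webhook
  namespace: kong
spec:
  selector:
    app: ingress-kong
  ports:
    - name: webhook
      port: 443
      protocol: TCP
      targetPort: 8080
---
# Kong gateway (DB-less) plus its Kubernetes ingress controller sidecar.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-kong
  namespace: kong
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ingress-kong
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: ingress-kong
    spec:
      nodeSelector:
        proxy: kong
      restartPolicy: Always
      serviceAccountName: kong-serviceaccount
      # Deprecated alias of serviceAccountName; kept with the same value.
      serviceAccount: kong-serviceaccount
      imagePullSecrets:
        - name: gitlab-docker-registry
      schedulerName: default-scheduler
      # The pod shares the node's network namespace: every listener configured
      # below binds on the node itself, so a 0.0.0.0 bind is reachable on every
      # node interface rather than only inside the pod.
      hostNetwork: true
      terminationGracePeriodSeconds: 30
      # NOTE(review): empty pod securityContext, and neither container sets
      # one; user, capability and filesystem defaults come from the images.
      securityContext: {}
      containers:
        - name: proxy
          # NOTE(review): mutable tag combined with imagePullPolicy Always;
          # pin the image by digest so the running content cannot change
          # underneath the tag.
          image: 'docker.eu.xxxx.com/oci/prod/kong:3.5.0'
          imagePullPolicy: Always
          workingDir: /usr/local/kong
          env:
            - name: KONG_PROXY_LISTEN
              value: '0.0.0.0:80, 0.0.0.0:443 ssl http2'
            # Must stay reachable on the node address: the kubelet probes
            # /status on 8100. It is also published as hostPort 8100, so limit
            # who can reach that port at the node firewall / security group.
            - name: KONG_STATUS_LISTEN
              value: '0.0.0.0:8100'
            - name: KONG_NGINX_WORKER_PROCESSES
              value: '2'
            - name: KONG_ADMIN_ACCESS_LOG
              value: /dev/stdout
            - name: KONG_ADMIN_ERROR_LOG
              value: /dev/stderr
            - name: KONG_PROXY_ERROR_LOG
              value: /dev/stderr
            - name: KONG_NGINX_PROXY_PROXY_NEXT_UPSTREAM
              value: error timeout invalid_header http_500 http_503 non_idempotent
            # Admin API bound to loopback only. With hostNetwork a 0.0.0.0
            # bind would publish the Admin API (no authentication is
            # configured for it in this manifest) on every node interface.
            # The ingress-controller sidecar reaches it through
            # CONTROLLER_KONG_ADMIN_URL = http://127.0.0.1:8001, so loopback
            # is sufficient.
            - name: KONG_ADMIN_LISTEN
              value: >-
                127.0.0.1:8001 reuseport backlog=16384,
                127.0.0.1:8444 http2 ssl reuseport backlog=16384
            # DB-less mode.
            - name: KONG_DATABASE
              value: 'off'
            - name: KONG_NGINX_HTTP_GZIP
              value: 'on'
            - name: KONG_NGINX_HTTP_GZIP_TYPES
              value: >-
                text/plain text/css application/javascript application/json
                application/x-javascript text/xml application/xml
                application/xml+rss text/javascript
            - name: KONG_NGINX_HTTP_GZIP_COMP_LEVEL
              value: '5'
            - name: KONG_NGINX_HTTP_GZIP_HTTP_VERSION
              value: '1.0'
            - name: KONG_NGINX_HTTP_GZIP_MIN_LENGTH
              value: '256'
            - name: KONG_NGINX_HTTP_GZIP_PROXIED
              value: any
            - name: KONG_NGINX_HTTP_GZIP_VARY
              value: 'on'
            # Client address is taken from X-Forwarded-For, recursively, for
            # any peer listed in KONG_TRUSTED_IPS. Keep that list (redacted
            # here) limited to the proxies actually in front of Kong: every
            # source it covers can choose the client IP that Kong logs and
            # that IP-based plugins act on.
            - name: KONG_REAL_IP_HEADER
              value: X-Forwarded-For
            - name: KONG_TRUSTED_IPS
              value: 'xxxxxxxxxxx'
            - name: KONG_READ_IP_RECURSIVE
              value: 'on'
            - name: KONG_NGINX_HTTP_ADD_HEADER
              value: 'Strict-Transport-Security "max-age=31536000"'
            - name: KONG_SSL_CERT
              value: /etc/kong-ssl/tls.crt
            - name: KONG_SSL_CERT_KEY
              value: /etc/kong-ssl/tls.key
            - name: KONG_MEM_CACHE_SIZE
              value: 4096m
          ports:
            - name: proxy
              hostPort: 80
              containerPort: 80
              protocol: TCP
            - name: proxy-ssl
              hostPort: 443
              containerPort: 443
              protocol: TCP
            - name: metrics
              hostPort: 8100
              containerPort: 8100
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /status
              port: 8100
              scheme: HTTP
          livenessProbe:
            httpGet:
              path: /status
              port: 8100
              scheme: HTTP
            initialDelaySeconds: 5
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          lifecycle:
            # Run `kong quit` before the container is stopped.
            preStop:
              exec:
                command:
                  - /bin/sh
                  - '-c'
                  - kong quit
          volumeMounts:
            # The name must match a volume declared under spec.volumes; the
            # API server rejects a pod whose mount names an undeclared volume.
            - name: ssl-testing-test-com
              readOnly: true
              mountPath: /etc/kong-ssl
          # NOTE(review): no requests or limits are set although
          # KONG_MEM_CACHE_SIZE is 4096m; size them so the pod cannot starve
          # the node it shares a network namespace with.
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        - name: ingress-controller
          # NOTE(review): mutable tag, same digest-pinning advice as above.
          image: 'docker.eu.xxxxx.com/oci/prod/kong-k8s-ingress:3.0.2'
          imagePullPolicy: Always
          env:
            - name: CONTROLLER_KONG_ADMIN_URL
              value: 'http://127.0.0.1:8001'
            # NOTE(review): the admin URL above is plain HTTP over loopback,
            # so this setting presumably has no effect today; drop it or set
            # it to 'false' if the URL is ever changed to https.
            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
              value: 'true'
            - name: CONTROLLER_PUBLISH_SERVICE
              value: kong/kong-proxy
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: CONTROLLER_INGRESS_CLASS
              value: kong
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      volumes:
        # TLS certificate and private key for the proxy listener.
        - name: ssl-testing-test-com
          secret:
            secretName: ssl-testing-test-com
            # 420 decimal = 0644 octal.
            defaultMode: 420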