From ca9700765c5df23f28130af858de660de80d358c Mon Sep 17 00:00:00 2001 From: Charly Molter Date: Fri, 29 Mar 2024 12:12:21 +0100 Subject: [PATCH] chore(kumactl): remove `kumactl install gateway` (#9743) The docs now use Helm charts, and we should just use Helm charts or whatever the Gateway thinks is best. This removes some maintenance burden on our side. fix #5896 
Signed-off-by: Charly Molter --- .../cmd/completion/testdata/bash.golden | 101 -- app/kumactl/cmd/install/install.go | 1 - app/kumactl/cmd/install/install_gateway.go | 19 - .../cmd/install/install_gateway_kong.go | 46 - .../install_gateway_kong_enterprise.go | 65 - .../cmd/install/install_gateway_test.go | 81 - app/kumactl/cmd/install/render_files.go | 4 - ...ll-gateway-enterprise.defaults.golden.yaml | 1352 ----------------- ...l-gateway-enterprise.overrides.golden.yaml | 1352 ----------------- .../install-gateway.defaults.golden.yaml | 1336 ---------------- .../install-gateway.overrides.golden.yaml | 1336 ---------------- .../kong-enterprise/kong-enterprise.yaml | 1350 ---------------- .../install/k8s/gateway-kong/kong/kong.yaml | 1334 ---------------- 13 files changed, 8377 deletions(-) delete mode 100644 app/kumactl/cmd/install/install_gateway.go delete mode 100644 app/kumactl/cmd/install/install_gateway_kong.go delete mode 100644 app/kumactl/cmd/install/install_gateway_kong_enterprise.go delete mode 100644 app/kumactl/cmd/install/install_gateway_test.go delete mode 100644 app/kumactl/cmd/install/testdata/install-gateway-enterprise.defaults.golden.yaml delete mode 100644 app/kumactl/cmd/install/testdata/install-gateway-enterprise.overrides.golden.yaml delete mode 100644 app/kumactl/cmd/install/testdata/install-gateway.defaults.golden.yaml delete mode 100644 app/kumactl/cmd/install/testdata/install-gateway.overrides.golden.yaml delete mode 100644 app/kumactl/data/install/k8s/gateway-kong-enterprise/kong-enterprise/kong-enterprise.yaml delete mode 100644 app/kumactl/data/install/k8s/gateway-kong/kong/kong.yaml diff --git a/app/kumactl/cmd/completion/testdata/bash.golden b/app/kumactl/cmd/completion/testdata/bash.golden index cf283a133811..04e644dd1514 100644 --- a/app/kumactl/cmd/completion/testdata/bash.golden +++ b/app/kumactl/cmd/completion/testdata/bash.golden 
@@ -5410,106 +5410,6 @@ _kumactl_install_demo() noun_aliases=() } -_kumactl_install_gateway_kong() -{ - last_command="kumactl_install_gateway_kong" - - command_aliases=() - - commands=() - - flags=() - two_word_flags=() - local_nonpersistent_flags=() - flags_with_completion=() - flags_completion=() - - flags+=("--mesh=") - two_word_flags+=("--mesh") - local_nonpersistent_flags+=("--mesh") - local_nonpersistent_flags+=("--mesh=") - flags+=("--namespace=") - two_word_flags+=("--namespace") - local_nonpersistent_flags+=("--namespace") - local_nonpersistent_flags+=("--namespace=") - flags+=("--api-timeout=") - two_word_flags+=("--api-timeout") - flags+=("--config-file=") - two_word_flags+=("--config-file") - flags+=("--log-level=") - two_word_flags+=("--log-level") - flags+=("--no-config") - - must_have_one_flag=() - must_have_one_noun=() - noun_aliases=() -} - -_kumactl_install_gateway_kong-enterprise() -{ - last_command="kumactl_install_gateway_kong-enterprise" - - command_aliases=() - - commands=() - - flags=() - two_word_flags=() - local_nonpersistent_flags=() - flags_with_completion=() - flags_completion=() - - flags+=("--license-path=") - two_word_flags+=("--license-path") - local_nonpersistent_flags+=("--license-path") - local_nonpersistent_flags+=("--license-path=") - flags+=("--namespace=") - two_word_flags+=("--namespace") - local_nonpersistent_flags+=("--namespace") - local_nonpersistent_flags+=("--namespace=") - flags+=("--api-timeout=") - two_word_flags+=("--api-timeout") - flags+=("--config-file=") - two_word_flags+=("--config-file") - flags+=("--log-level=") - two_word_flags+=("--log-level") - flags+=("--no-config") - - must_have_one_flag=() - must_have_one_flag+=("--license-path=") - must_have_one_noun=() - noun_aliases=() -} - -_kumactl_install_gateway() -{ - last_command="kumactl_install_gateway" - - command_aliases=() - - commands=() - commands+=("kong") - commands+=("kong-enterprise") - - flags=() - two_word_flags=() - local_nonpersistent_flags=() - 
flags_with_completion=() - flags_completion=() - - flags+=("--api-timeout=") - two_word_flags+=("--api-timeout") - flags+=("--config-file=") - two_word_flags+=("--config-file") - flags+=("--log-level=") - two_word_flags+=("--log-level") - flags+=("--no-config") - - must_have_one_flag=() - must_have_one_noun=() - noun_aliases=() -} - _kumactl_install_observability() { last_command="kumactl_install_observability" @@ -5705,7 +5605,6 @@ _kumactl_install() commands+=("control-plane") commands+=("crds") commands+=("demo") - commands+=("gateway") commands+=("observability") commands+=("transparent-proxy") diff --git a/app/kumactl/cmd/install/install.go b/app/kumactl/cmd/install/install.go index fea5a1cf9bc3..31414b754f7d 100644 --- a/app/kumactl/cmd/install/install.go +++ b/app/kumactl/cmd/install/install.go @@ -18,7 +18,6 @@ func NewInstallCmd(pctx *kumactl_cmd.RootContext) *cobra.Command { cmd.AddCommand(newInstallCrdsCmd(&pctx.InstallCRDContext)) cmd.AddCommand(newInstallObservability(pctx)) cmd.AddCommand(newInstallDemoCmd(&pctx.InstallDemoContext)) - cmd.AddCommand(newInstallGatewayCmd(pctx)) cmd.AddCommand(newInstallTransparentProxy()) return cmd diff --git a/app/kumactl/cmd/install/install_gateway.go b/app/kumactl/cmd/install/install_gateway.go deleted file mode 100644 index 5a98c677072f..000000000000 --- a/app/kumactl/cmd/install/install_gateway.go +++ /dev/null @@ -1,19 +0,0 @@ -package install - -import ( - "github.com/spf13/cobra" - - kumactl_cmd "github.com/kumahq/kuma/app/kumactl/pkg/cmd" -) - -func newInstallGatewayCmd(pctx *kumactl_cmd.RootContext) *cobra.Command { - cmd := &cobra.Command{ - Use: "gateway", - Short: "Install ingress gateway on Kubernetes", - Long: "Install ingress gateway on Kubernetes in its own namespace.", - } - // sub-commands - cmd.AddCommand(newInstallGatewayKongCmd(&pctx.InstallGatewayKongContext)) - cmd.AddCommand(newInstallGatewayKongEnterpriseCmd(&pctx.InstallGatewayKongEnterpriseContext)) - return cmd -} 
diff --git a/app/kumactl/cmd/install/install_gateway_kong.go b/app/kumactl/cmd/install/install_gateway_kong.go
deleted file mode 100644
index 93f7b3b7f703..000000000000
--- a/app/kumactl/cmd/install/install_gateway_kong.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package install
-
-import (
- "github.com/pkg/errors"
- "github.com/spf13/cobra"
-
- install_context "github.com/kumahq/kuma/app/kumactl/cmd/install/context"
- kumactl_data "github.com/kumahq/kuma/app/kumactl/data"
- "github.com/kumahq/kuma/app/kumactl/pkg/install/data"
- "github.com/kumahq/kuma/app/kumactl/pkg/install/k8s"
-)
-
-func newInstallGatewayKongCmd(ctx *install_context.InstallGatewayKongContext) *cobra.Command {
- args := ctx.Args
- cmd := &cobra.Command{
- Use: "kong",
- Short: "Install Kong ingress gateway on Kubernetes",
- Long: "Install Kong ingress gateway on Kubernetes in its own namespace.",
- RunE: func(cmd *cobra.Command, _ []string) error {
- templateFiles, err := data.ReadFiles(kumactl_data.InstallGatewayKongFS())
- if err != nil {
- return errors.Wrap(err, "Failed to read template files")
- }
-
- renderedFiles, err := renderFiles(templateFiles, args, simpleTemplateRenderer)
- if err != nil {
- return errors.Wrap(err, "Failed to render template files")
- }
-
- sortedResources, err := k8s.SortResourcesByKind(renderedFiles)
- if err != nil {
- return errors.Wrap(err, "Failed to sort resources by kind")
- }
-
- singleFile := data.JoinYAML(sortedResources)
-
- if _, err := cmd.OutOrStdout().Write(singleFile.Data); err != nil {
- return errors.Wrap(err, "Failed to output rendered resources")
- }
- return nil
- },
- }
- cmd.Flags().StringVar(&args.Namespace, "namespace", args.Namespace, "namespace to install gateway to")
- cmd.Flags().StringVar(&args.Mesh, "mesh", args.Namespace, "mesh to install gateway to")
- return cmd
-}
diff --git a/app/kumactl/cmd/install/install_gateway_kong_enterprise.go b/app/kumactl/cmd/install/install_gateway_kong_enterprise.go
deleted file mode 100644
index e5f51688a753..000000000000
--- a/app/kumactl/cmd/install/install_gateway_kong_enterprise.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package install
-
-import (
- "os"
-
- "github.com/pkg/errors"
- "github.com/spf13/cobra"
-
- install_context "github.com/kumahq/kuma/app/kumactl/cmd/install/context"
- kumactl_data "github.com/kumahq/kuma/app/kumactl/data"
- "github.com/kumahq/kuma/app/kumactl/pkg/install/data"
- "github.com/kumahq/kuma/app/kumactl/pkg/install/k8s"
-)
-
-type templateArgs struct {
- Namespace string
- LicenseText string
-}
-
-func newInstallGatewayKongEnterpriseCmd(ctx *install_context.InstallGatewayKongEnterpriseContext) *cobra.Command {
- args := ctx.Args
- cmd := &cobra.Command{
- Use: "kong-enterprise",
- Short: "Install Kong ingress gateway on Kubernetes",
- Long: "Install Kong ingress gateway on Kubernetes in its own namespace.",
- RunE: func(cmd *cobra.Command, _ []string) error {
- templateFiles, err := data.ReadFiles(kumactl_data.InstallGatewayKongEnterpriseFS())
- if err != nil {
- return errors.Wrap(err, "Failed to read template files")
- }
-
- licenseBytes, err := os.ReadFile(args.LicensePath)
- if err != nil {
- return errors.Wrap(err, "Failed to read license file")
- }
-
- templateArgs := templateArgs{
- Namespace: args.Namespace,
- LicenseText: string(licenseBytes),
- }
-
- renderedFiles, err := renderFiles(templateFiles, templateArgs, simpleTemplateRenderer)
- if err != nil {
- return errors.Wrap(err, "Failed to render template files")
- }
-
- sortedResources, err := k8s.SortResourcesByKind(renderedFiles)
- if err != nil {
- return errors.Wrap(err, "Failed to sort resources by kind")
- }
-
- singleFile := data.JoinYAML(sortedResources)
-
- if _, err := cmd.OutOrStdout().Write(singleFile.Data); err != nil {
- return errors.Wrap(err, "Failed to output rendered resources")
- }
-
- return nil
- },
- }
- cmd.Flags().StringVar(&args.Namespace, "namespace", args.Namespace, "namespace to install gateway to")
- cmd.Flags().StringVar(&args.LicensePath, "license-path", args.LicensePath, "path to license file")
- _ = cmd.MarkFlagRequired("license-path")
- return cmd
-}
diff --git a/app/kumactl/cmd/install/install_gateway_test.go b/app/kumactl/cmd/install/install_gateway_test.go
deleted file mode 100644
index 3f6c66c585e3..000000000000
--- a/app/kumactl/cmd/install/install_gateway_test.go
+++ /dev/null
@@ -1,81 +0,0 @@ -package install_test - -import ( - "bytes" - "path/filepath" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - - "github.com/kumahq/kuma/pkg/util/test" - kuma_version "github.com/kumahq/kuma/pkg/version" -) - -var _ = Describe("kumactl install gateway", func() { - var stdout *bytes.Buffer - var stderr *bytes.Buffer - - BeforeEach(func() { - stdout = &bytes.Buffer{} - stderr = &bytes.Buffer{} - }) - - type testCase struct { - extraArgs []string - goldenFile string - } - - BeforeEach(func() { - kuma_version.Build = kuma_version.BuildInfo{ - Version: "0.0.1", - GitTag: "v0.0.1", - GitCommit: "91ce236824a9d875601679aa80c63783fb0e8725", - BuildDate: "2019-08-07T11:26:06Z", - } - }) - - DescribeTable("should generate Kubernetes resources", - func(given testCase) { - // given - rootCmd := test.DefaultTestingRootCmd() - rootCmd.SetArgs(append([]string{"install", "gateway"}, given.extraArgs...)) - rootCmd.SetOut(stdout) - rootCmd.SetErr(stderr) - - // when - err := rootCmd.Execute() - - // then - Expect(err).ToNot(HaveOccurred()) - Expect(stderr.String()).To(BeEmpty()) - - // and output matches golden files - actual := stdout.Bytes() - ExpectMatchesGoldenFiles(actual, filepath.Join("testdata", given.goldenFile)) - }, - Entry("should generate Kubernetes resources with default settings", testCase{ - extraArgs: []string{ - "kong", - }, - goldenFile: "install-gateway.defaults.golden.yaml", - }), - Entry("should generate Kubernetes resources with custom settings", testCase{ - extraArgs: []string{ - "kong", "--namespace", "notdefault", - }, - goldenFile: "install-gateway.overrides.golden.yaml", - }), - Entry("should generate Kubernetes resources with default settings for enterprise", testCase{ - extraArgs: []string{ - "kong-enterprise", "--license-path", filepath.Join("testdata", "/license"), - }, - goldenFile: "install-gateway-enterprise.defaults.golden.yaml", - }), - Entry("should generate Kubernetes resources with custom settings for 
enterprise", testCase{ - extraArgs: []string{ - "kong-enterprise", "--license-path", filepath.Join("testdata", "/license"), "--namespace", "notdefault", - }, - goldenFile: "install-gateway-enterprise.overrides.golden.yaml", - }), - ) -}) diff --git a/app/kumactl/cmd/install/render_files.go b/app/kumactl/cmd/install/render_files.go index 348b545fd2d6..9599a8ecbb38 100644 --- a/app/kumactl/cmd/install/render_files.go +++ b/app/kumactl/cmd/install/render_files.go @@ -15,10 +15,6 @@ type templateFilter interface { Filter(name string) bool } -func renderFiles(templates []data.File, args interface{}, newRenderer func(data.File) (templateRenderer, error)) ([]data.File, error) { - return renderFilesWithFilter(templates, args, newRenderer, NoneFilter{}) -} - func renderFilesWithFilter(templates []data.File, args interface{}, newRenderer func(data.File) (templateRenderer, error), filter templateFilter) ([]data.File, error) { renderedFiles := make([]data.File, len(templates)) diff --git a/app/kumactl/cmd/install/testdata/install-gateway-enterprise.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-gateway-enterprise.defaults.golden.yaml deleted file mode 100644 index 62a565789d26..000000000000 --- a/app/kumactl/cmd/install/testdata/install-gateway-enterprise.defaults.golden.yaml +++ /dev/null 
@@ -1,1352 +0,0 @@ - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kong-enterprise-gateway - labels: - kuma.io/sidecar-injection: enabled ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kong-enterprise-gateway ---- -apiVersion: v1 -kind: Secret -metadata: - name: kong-enterprise-license - namespace: kong-enterprise-gateway -type: Opaque -stringData: - license: | - {"license": "test"} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - preserveUnknownFields: false - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: NamespacedSecretValueFromSource represents the source - of a secret value specifying the secret namespace - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - namespace: - description: The namespace containing the secret - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer - type: string - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API - properties: - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID existing unique ID for the consumer - useful for - mapping Kong with users in your existing database - type: string - username: - description: Username unique username of the consumer. 
- type: string - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API - properties: - proxy: - properties: - connect_timeout: - minimum: 0 - type: integer - path: - pattern: ^/.*$ - type: string - protocol: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - minimum: 0 - type: integer - retries: - minimum: 0 - type: integer - write_timeout: - minimum: 0 - type: integer - type: object - route: - description: Route represents a Route in Kong. Read https://getkong.org/docs/0.13.x/admin-api/#Route-object - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - https_redirect_status_code: - type: integer - methods: - items: - type: string - type: array - path_handling: - enum: - - v0 - - v1 - type: string - preserve_host: - type: boolean - protocols: - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - type: integer - request_buffering: - description: "Kong buffers requests and responses by default. Buffering - is not always desired, for instance if large payloads are being - proxied using HTTP 1.1 chunked encoding. \n The request and response - route buffering options are enabled by default and allow the user - to disable buffering if desired for their use case. 
\n SEE ALSO: - - https://github.com/Kong/kong/pull/6057 - https://docs.konghq.com/2.2.x/admin-api/#route-object" - type: boolean - response_buffering: - type: boolean - snis: - items: - type: string - type: array - strip_path: - type: boolean - type: object - upstream: - description: Upstream represents an Upstream in Kong. - properties: - algorithm: - enum: - - round-robin - - consistent-hashing - - least-connections - type: string - hash_fallback: - type: string - hash_fallback_header: - type: string - hash_on: - type: string - hash_on_cookie: - type: string - hash_on_cookie_path: - type: string - hash_on_header: - type: string - healthchecks: - description: Healthcheck represents a health-check config of an upstream - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. - properties: - concurrency: - minimum: 1 - type: integer - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. 
- properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: integer - type: object - host_header: - type: string - slots: - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: SecretValueFromSource represents the source of a secret - value - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - required: - - key - - name - type: object - type: object - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an 
object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPIngressSpec defines the desired state of TCPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is specified, the - protocol must be TLS over TCP. A plain-text TCP request cannot - be routed based on Host. It can only be routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - type: object - type: array - tls: - description: TLS configuration. 
This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: UDPIngress - listKind: 
UDPIngressList - plural: udpingresses - singular: udpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: UDPIngressSpec defines the desired state of UDPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - endpoints/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - secrets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - 
configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gateways/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: 
- - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong-enterprise-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kong-enterprise-gateway -rules: -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kong-enterprise-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kong-enterprise-gateway ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kong-enterprise-gateway -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kong-enterprise-gateway -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kong-enterprise-gateway -spec: - replicas: 1 - selector: - 
matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - containers: - - env: - - name: KONG_LICENSE_DATA - valueFrom: - secretKeyRef: - key: license - name: kong-enterprise-license - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 ssl - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - image: kong/kong-gateway:2.5 - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kong-enterprise-gateway/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.0.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - 
path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - imagePullSecrets: - - name: kong-enterprise-edition-docker - serviceAccountName: kong-serviceaccount
diff --git a/app/kumactl/cmd/install/testdata/install-gateway-enterprise.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-gateway-enterprise.overrides.golden.yaml
deleted file mode 100644
index 9764ea20022e..000000000000
--- a/app/kumactl/cmd/install/testdata/install-gateway-enterprise.overrides.golden.yaml
+++ /dev/null
@@ -1,1352 +0,0 @@ - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: notdefault - labels: - kuma.io/sidecar-injection: enabled ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: notdefault ---- -apiVersion: v1 -kind: Secret -metadata: - name: kong-enterprise-license - namespace: notdefault -type: Opaque -stringData: - license: | - {"license": "test"} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - preserveUnknownFields: false - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: NamespacedSecretValueFromSource represents the source - of a secret value specifying the secret namespace - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - namespace: - description: The namespace containing the secret - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer - type: string - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API - properties: - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID existing unique ID for the consumer - useful for - mapping Kong with users in your existing database - type: string - username: - description: Username unique username of the consumer. 
- type: string - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API - properties: - proxy: - properties: - connect_timeout: - minimum: 0 - type: integer - path: - pattern: ^/.*$ - type: string - protocol: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - minimum: 0 - type: integer - retries: - minimum: 0 - type: integer - write_timeout: - minimum: 0 - type: integer - type: object - route: - description: Route represents a Route in Kong. Read https://getkong.org/docs/0.13.x/admin-api/#Route-object - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - https_redirect_status_code: - type: integer - methods: - items: - type: string - type: array - path_handling: - enum: - - v0 - - v1 - type: string - preserve_host: - type: boolean - protocols: - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - type: integer - request_buffering: - description: "Kong buffers requests and responses by default. Buffering - is not always desired, for instance if large payloads are being - proxied using HTTP 1.1 chunked encoding. \n The request and response - route buffering options are enabled by default and allow the user - to disable buffering if desired for their use case. 
\n SEE ALSO: - - https://github.com/Kong/kong/pull/6057 - https://docs.konghq.com/2.2.x/admin-api/#route-object" - type: boolean - response_buffering: - type: boolean - snis: - items: - type: string - type: array - strip_path: - type: boolean - type: object - upstream: - description: Upstream represents an Upstream in Kong. - properties: - algorithm: - enum: - - round-robin - - consistent-hashing - - least-connections - type: string - hash_fallback: - type: string - hash_fallback_header: - type: string - hash_on: - type: string - hash_on_cookie: - type: string - hash_on_cookie_path: - type: string - hash_on_header: - type: string - healthchecks: - description: Healthcheck represents a health-check config of an upstream - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. - properties: - concurrency: - minimum: 1 - type: integer - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. 
- properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: integer - type: object - host_header: - type: string - slots: - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: SecretValueFromSource represents the source of a secret - value - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - required: - - key - - name - type: object - type: object - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an 
object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPIngressSpec defines the desired state of TCPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is specified, the - protocol must be TLS over TCP. A plain-text TCP request cannot - be routed based on Host. It can only be routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - type: object - type: array - tls: - description: TLS configuration. 
This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: UDPIngress - listKind: 
UDPIngressList - plural: udpingresses - singular: udpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: UDPIngressSpec defines the desired state of UDPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - endpoints/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - secrets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - 
configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gateways/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: 
- - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: notdefault ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: notdefault -rules: -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: notdefault -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: notdefault ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: notdefault -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: notdefault -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: notdefault -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: 
enabled - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - containers: - - env: - - name: KONG_LICENSE_DATA - valueFrom: - secretKeyRef: - key: license - name: kong-enterprise-license - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 ssl - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - image: kong/kong-gateway:2.5 - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: notdefault/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.0.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - 
successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - imagePullSecrets: - - name: kong-enterprise-edition-docker - serviceAccountName: kong-serviceaccount diff --git a/app/kumactl/cmd/install/testdata/install-gateway.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-gateway.defaults.golden.yaml deleted file mode 100644 index 08ae8d9af909..000000000000 --- a/app/kumactl/cmd/install/testdata/install-gateway.defaults.golden.yaml +++ /dev/null 
@@ -1,1336 +0,0 @@ - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kuma-gateway - labels: - kuma.io/sidecar-injection: enabled ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: kuma-gateway ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - preserveUnknownFields: false - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: NamespacedSecretValueFromSource represents the source - of a secret value specifying the secret namespace - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - namespace: - description: The namespace containing the secret - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer - type: string - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API - properties: - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID existing unique ID for the consumer - useful for - mapping Kong with users in your existing database - type: string - username: - description: Username unique username of the consumer. 
- type: string - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API - properties: - proxy: - properties: - connect_timeout: - minimum: 0 - type: integer - path: - pattern: ^/.*$ - type: string - protocol: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - minimum: 0 - type: integer - retries: - minimum: 0 - type: integer - write_timeout: - minimum: 0 - type: integer - type: object - route: - description: Route represents a Route in Kong. Read https://getkong.org/docs/0.13.x/admin-api/#Route-object - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - https_redirect_status_code: - type: integer - methods: - items: - type: string - type: array - path_handling: - enum: - - v0 - - v1 - type: string - preserve_host: - type: boolean - protocols: - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - type: integer - request_buffering: - description: "Kong buffers requests and responses by default. Buffering - is not always desired, for instance if large payloads are being - proxied using HTTP 1.1 chunked encoding. \n The request and response - route buffering options are enabled by default and allow the user - to disable buffering if desired for their use case. 
\n SEE ALSO: - - https://github.com/Kong/kong/pull/6057 - https://docs.konghq.com/2.2.x/admin-api/#route-object" - type: boolean - response_buffering: - type: boolean - snis: - items: - type: string - type: array - strip_path: - type: boolean - type: object - upstream: - description: Upstream represents an Upstream in Kong. - properties: - algorithm: - enum: - - round-robin - - consistent-hashing - - least-connections - type: string - hash_fallback: - type: string - hash_fallback_header: - type: string - hash_on: - type: string - hash_on_cookie: - type: string - hash_on_cookie_path: - type: string - hash_on_header: - type: string - healthchecks: - description: Healthcheck represents a health-check config of an upstream - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. - properties: - concurrency: - minimum: 1 - type: integer - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. 
- properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: integer - type: object - host_header: - type: string - slots: - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: SecretValueFromSource represents the source of a secret - value - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - required: - - key - - name - type: object - type: object - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an 
object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPIngressSpec defines the desired state of TCPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is specified, the - protocol must be TLS over TCP. A plain-text TCP request cannot - be routed based on Host. It can only be routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - type: object - type: array - tls: - description: TLS configuration. 
This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: UDPIngress - listKind: 
UDPIngressList - plural: udpingresses - singular: udpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: UDPIngressSpec defines the desired state of UDPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - endpoints/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - secrets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - 
configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gateways/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: 
- - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kuma-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: kuma-gateway -rules: -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: kuma-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: kuma-gateway ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: kuma-gateway -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: kuma-gateway -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: kuma-gateway -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - 
kuma.io/gateway: enabled - traffic.sidecar.istio.io/includeInboundPorts: "" - kuma.io/mesh: "kuma-gateway" - labels: - app: ingress-kong - spec: - containers: - - env: - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 ssl - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - image: kong:2.5 - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: kuma-gateway/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.0.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - 
containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - serviceAccountName: kong-serviceaccount diff --git a/app/kumactl/cmd/install/testdata/install-gateway.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-gateway.overrides.golden.yaml deleted file mode 100644 index 669fa68b54c5..000000000000 --- a/app/kumactl/cmd/install/testdata/install-gateway.overrides.golden.yaml +++ /dev/null 
@@ -1,1336 +0,0 @@ - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: notdefault - labels: - kuma.io/sidecar-injection: enabled ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: notdefault ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - preserveUnknownFields: false - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: NamespacedSecretValueFromSource represents the source - of a secret value specifying the secret namespace - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - namespace: - description: The namespace containing the secret - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer - type: string - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API - properties: - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID existing unique ID for the consumer - useful for - mapping Kong with users in your existing database - type: string - username: - description: Username unique username of the consumer. 
- type: string - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API - properties: - proxy: - properties: - connect_timeout: - minimum: 0 - type: integer - path: - pattern: ^/.*$ - type: string - protocol: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - minimum: 0 - type: integer - retries: - minimum: 0 - type: integer - write_timeout: - minimum: 0 - type: integer - type: object - route: - description: Route represents a Route in Kong. Read https://getkong.org/docs/0.13.x/admin-api/#Route-object - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - https_redirect_status_code: - type: integer - methods: - items: - type: string - type: array - path_handling: - enum: - - v0 - - v1 - type: string - preserve_host: - type: boolean - protocols: - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - type: integer - request_buffering: - description: "Kong buffers requests and responses by default. Buffering - is not always desired, for instance if large payloads are being - proxied using HTTP 1.1 chunked encoding. \n The request and response - route buffering options are enabled by default and allow the user - to disable buffering if desired for their use case. 
\n SEE ALSO: - - https://github.com/Kong/kong/pull/6057 - https://docs.konghq.com/2.2.x/admin-api/#route-object" - type: boolean - response_buffering: - type: boolean - snis: - items: - type: string - type: array - strip_path: - type: boolean - type: object - upstream: - description: Upstream represents an Upstream in Kong. - properties: - algorithm: - enum: - - round-robin - - consistent-hashing - - least-connections - type: string - hash_fallback: - type: string - hash_fallback_header: - type: string - hash_on: - type: string - hash_on_cookie: - type: string - hash_on_cookie_path: - type: string - hash_on_header: - type: string - healthchecks: - description: Healthcheck represents a health-check config of an upstream - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. - properties: - concurrency: - minimum: 1 - type: integer - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. 
- properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: integer - type: object - host_header: - type: string - slots: - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: SecretValueFromSource represents the source of a secret - value - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - required: - - key - - name - type: object - type: object - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an 
object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPIngressSpec defines the desired state of TCPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is specified, the - protocol must be TLS over TCP. A plain-text TCP request cannot - be routed based on Host. It can only be routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - type: object - type: array - tls: - description: TLS configuration. 
This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: UDPIngress - listKind: 
UDPIngressList - plural: udpingresses - singular: udpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: UDPIngressSpec defines the desired state of UDPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - endpoints/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - secrets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - 
configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gateways/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: 
- - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: notdefault ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: notdefault -rules: -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: notdefault -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: notdefault ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: notdefault -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: notdefault -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - namespace: notdefault -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: 
enabled - traffic.sidecar.istio.io/includeInboundPorts: "" - kuma.io/mesh: "kuma-gateway" - labels: - app: ingress-kong - spec: - containers: - - env: - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 ssl - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - image: kong:2.5 - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: notdefault/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.0.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 
- name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - serviceAccountName: kong-serviceaccount diff --git a/app/kumactl/data/install/k8s/gateway-kong-enterprise/kong-enterprise/kong-enterprise.yaml b/app/kumactl/data/install/k8s/gateway-kong-enterprise/kong-enterprise/kong-enterprise.yaml deleted file mode 100644 index 2645937e3177..000000000000 --- a/app/kumactl/data/install/k8s/gateway-kong-enterprise/kong-enterprise/kong-enterprise.yaml +++ /dev/null 
@@ -1,1350 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Namespace }} - labels: - kuma.io/sidecar-injection: enabled ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - preserveUnknownFields: false - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: NamespacedSecretValueFromSource represents the source - of a secret value specifying the secret namespace - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - namespace: - description: The namespace containing the secret - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer - type: string - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API - properties: - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID existing unique ID for the consumer - useful for - mapping Kong with users in your existing database - type: string - username: - description: Username unique username of the consumer. 
- type: string - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API - properties: - proxy: - properties: - connect_timeout: - minimum: 0 - type: integer - path: - pattern: ^/.*$ - type: string - protocol: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - minimum: 0 - type: integer - retries: - minimum: 0 - type: integer - write_timeout: - minimum: 0 - type: integer - type: object - route: - description: Route represents a Route in Kong. Read https://getkong.org/docs/0.13.x/admin-api/#Route-object - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - https_redirect_status_code: - type: integer - methods: - items: - type: string - type: array - path_handling: - enum: - - v0 - - v1 - type: string - preserve_host: - type: boolean - protocols: - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - type: integer - request_buffering: - description: "Kong buffers requests and responses by default. Buffering - is not always desired, for instance if large payloads are being - proxied using HTTP 1.1 chunked encoding. \n The request and response - route buffering options are enabled by default and allow the user - to disable buffering if desired for their use case. 
\n SEE ALSO: - - https://github.com/Kong/kong/pull/6057 - https://docs.konghq.com/2.2.x/admin-api/#route-object" - type: boolean - response_buffering: - type: boolean - snis: - items: - type: string - type: array - strip_path: - type: boolean - type: object - upstream: - description: Upstream represents an Upstream in Kong. - properties: - algorithm: - enum: - - round-robin - - consistent-hashing - - least-connections - type: string - hash_fallback: - type: string - hash_fallback_header: - type: string - hash_on: - type: string - hash_on_cookie: - type: string - hash_on_cookie_path: - type: string - hash_on_header: - type: string - healthchecks: - description: Healthcheck represents a health-check config of an upstream - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. - properties: - concurrency: - minimum: 1 - type: integer - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. 
- properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: integer - type: object - host_header: - type: string - slots: - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: SecretValueFromSource represents the source of a secret - value - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - required: - - key - - name - type: object - type: object - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an 
object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPIngressSpec defines the desired state of TCPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is specified, the - protocol must be TLS over TCP. A plain-text TCP request cannot - be routed based on Host. It can only be routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - type: object - type: array - tls: - description: TLS configuration. 
This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: UDPIngress - listKind: 
UDPIngressList - plural: udpingresses - singular: udpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: UDPIngressSpec defines the desired state of UDPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: {{ .Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: {{ .Namespace }} -rules: -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - endpoints/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - 
secrets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/status - 
verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gateways/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: {{ .Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: {{ .Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: {{ .Namespace }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: {{ .Namespace }} -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: {{ .Namespace }} -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - 
namespace: {{ .Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - traffic.sidecar.istio.io/includeInboundPorts: "" - labels: - app: ingress-kong - spec: - containers: - - env: - - name: KONG_LICENSE_DATA - valueFrom: - secretKeyRef: - key: license - name: kong-enterprise-license - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 ssl - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - image: kong/kong-gateway:2.5 - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: {{ .Namespace }}/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.0.5 - imagePullPolicy: 
IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- name: ingress-controller
- ports:
- - containerPort: 8080
- name: webhook
- protocol: TCP
- - containerPort: 10255
- name: cmetrics
- protocol: TCP
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /readyz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- imagePullSecrets:
- - name: kong-enterprise-edition-docker
- serviceAccountName: kong-serviceaccount
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: kong-enterprise-license
- namespace: {{ .Namespace }}
-type: Opaque
-stringData:
- license: |
- {{ .LicenseText }}
diff --git a/app/kumactl/data/install/k8s/gateway-kong/kong/kong.yaml b/app/kumactl/data/install/k8s/gateway-kong/kong/kong.yaml
deleted file mode 100644
index 4d1f27a13c61..000000000000
--- a/app/kumactl/data/install/k8s/gateway-kong/kong/kong.yaml
+++ /dev/null
@@ -1,1334 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Namespace }} - labels: - kuma.io/sidecar-injection: enabled ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongClusterPlugin - listKind: KongClusterPluginList - plural: kongclusterplugins - shortNames: - - kcp - singular: kongclusterplugin - preserveUnknownFields: false - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: NamespacedSecretValueFromSource represents the source - of a secret value specifying the secret namespace - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - namespace: - description: The namespace containing the secret - type: string - required: - - key - - name - - namespace - type: object - type: object - consumerRef: - description: ConsumerRef is a reference to a particular consumer - type: string - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. 
- enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongConsumer - listKind: KongConsumerList - plural: kongconsumers - shortNames: - - kc - singular: kongconsumer - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Username of a Kong Consumer - jsonPath: .username - name: Username - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API - properties: - credentials: - description: Credentials are references to secrets containing a credential - to be provisioned in Kong. - items: - type: string - type: array - custom_id: - description: CustomID existing unique ID for the consumer - useful for - mapping Kong with users in your existing database - type: string - username: - description: Username unique username of the consumer. 
- type: string - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongIngress - listKind: KongIngressList - plural: kongingresses - shortNames: - - ki - singular: kongingress - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API - properties: - proxy: - properties: - connect_timeout: - minimum: 0 - type: integer - path: - pattern: ^/.*$ - type: string - protocol: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - read_timeout: - minimum: 0 - type: integer - retries: - minimum: 0 - type: integer - write_timeout: - minimum: 0 - type: integer - type: object - route: - description: Route represents a Route in Kong. Read https://getkong.org/docs/0.13.x/admin-api/#Route-object - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - https_redirect_status_code: - type: integer - methods: - items: - type: string - type: array - path_handling: - enum: - - v0 - - v1 - type: string - preserve_host: - type: boolean - protocols: - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - regex_priority: - type: integer - request_buffering: - description: "Kong buffers requests and responses by default. Buffering - is not always desired, for instance if large payloads are being - proxied using HTTP 1.1 chunked encoding. \n The request and response - route buffering options are enabled by default and allow the user - to disable buffering if desired for their use case. 
\n SEE ALSO: - - https://github.com/Kong/kong/pull/6057 - https://docs.konghq.com/2.2.x/admin-api/#route-object" - type: boolean - response_buffering: - type: boolean - snis: - items: - type: string - type: array - strip_path: - type: boolean - type: object - upstream: - description: Upstream represents an Upstream in Kong. - properties: - algorithm: - enum: - - round-robin - - consistent-hashing - - least-connections - type: string - hash_fallback: - type: string - hash_fallback_header: - type: string - hash_on: - type: string - hash_on_cookie: - type: string - hash_on_cookie_path: - type: string - hash_on_header: - type: string - healthchecks: - description: Healthcheck represents a health-check config of an upstream - in Kong. - properties: - active: - description: ActiveHealthcheck configures active health check - probing. - properties: - concurrency: - minimum: 1 - type: integer - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. - properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - http_path: - pattern: ^/.*$ - type: string - timeout: - minimum: 0 - type: integer - type: - type: string - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - passive: - description: PassiveHealthcheck configures passive checks around - passive health checks. - properties: - healthy: - description: Healthy configures thresholds and HTTP status - codes to mark targets healthy for an upstream. 
- properties: - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - successes: - minimum: 0 - type: integer - type: object - unhealthy: - description: Unhealthy configures thresholds and HTTP status - codes to mark targets unhealthy. - properties: - http_failures: - minimum: 0 - type: integer - http_statuses: - items: - type: integer - type: array - interval: - minimum: 0 - type: integer - tcp_failures: - minimum: 0 - type: integer - timeout: - minimum: 0 - type: integer - type: object - type: object - threshold: - type: integer - type: object - host_header: - type: string - slots: - minimum: 10 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: KongPlugin - listKind: KongPluginList - plural: kongplugins - shortNames: - - kp - singular: kongplugin - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the plugin - jsonPath: .plugin - name: Plugin-Type - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Indicates if the plugin is disabled - jsonPath: .disabled - name: Disabled - priority: 1 - type: boolean - - description: Configuration of the plugin - jsonPath: .config - name: Config - priority: 1 - type: string - name: v1 - schema: - openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API - properties: - config: - description: Config contains the plugin configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configFrom: - description: ConfigFrom references a secret containing the plugin configuration. 
- properties: - secretKeyRef: - description: SecretValueFromSource represents the source of a secret - value - properties: - key: - description: the key containing the value - type: string - name: - description: the secret containing the key - type: string - required: - - key - - name - type: object - type: object - disabled: - description: Disabled set if the plugin is disabled or not - type: boolean - plugin: - description: PluginName is the name of the plugin to which to apply the - config - type: string - protocols: - description: Protocols configures plugin to run on requests received on - specific protocols. - items: - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - - udp - type: string - type: array - run_on: - description: RunOn configures the plugin to run on the first or the second - or both nodes in case of a service mesh deployment. - enum: - - first - - second - - all - type: string - required: - - plugin - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: TCPIngress - listKind: TCPIngressList - plural: tcpingresses - singular: tcpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an 
object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPIngressSpec defines the desired state of TCPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: IngressRule represents a rule to apply against incoming - requests. Matching is performed based on an (optional) SNI and - port. - properties: - backend: - description: Backend defines the referenced service endpoint - to which the traffic will be forwarded to. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - host: - description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is specified, the - protocol must be TLS over TCP. A plain-text TCP request cannot - be routed based on Host. It can only be routed based on Port. - type: string - port: - description: Port is the port on which to accept TCP or TLS - over TCP sessions and route. It is a required field. If a - Host is not specified, the requested are routed based only - on Port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - backend - type: object - type: array - tls: - description: TLS configuration. 
This is similar to the `tls` section - in the Ingress resource in networking.v1beta1 group. The mapping - of SNIs to TLS cert-key pair defined here will be used for HTTP - Ingress rules as well. Once can define the mapping in this resource - or the original Ingress resource, both have the same effect. - items: - description: IngressTLS describes the transport layer security. - properties: - hosts: - description: Hosts are a list of hosts included in the TLS certificate. - The values in this list must match the name/s used in the - tlsSecret. Defaults to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to terminate - SSL traffic. - type: string - type: object - type: array - type: object - status: - description: TCPIngressStatus defines the observed state of TCPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: udpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - names: - kind: UDPIngress - listKind: 
UDPIngressList - plural: udpingresses - singular: udpingress - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address of the load balancer - jsonPath: .status.loadBalancer.ingress[*].ip - name: Address - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: UDPIngressSpec defines the desired state of UDPIngress - properties: - rules: - description: A list of rules used to configure the Ingress. - items: - description: UDPIngressRule represents a rule to apply against incoming - requests wherein no Host matching is available for request routing, - only the port is used to match requests. - properties: - backend: - description: Backend defines the Kubernetes service which accepts - traffic from the listening Port defined above. - properties: - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - description: Specifies the port of the referenced service. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - serviceName - - servicePort - type: object - port: - description: Port indicates the port for the Kong proxy to accept - incoming traffic on, which will then be routed to the service - Backend. - type: integer - required: - - backend - - port - type: object - type: array - type: object - status: - description: UDPIngressStatus defines the observed state of UDPIngress - properties: - loadBalancer: - description: LoadBalancer contains the current status of the load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. 
--- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kong-serviceaccount - namespace: {{ .Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kong-leader-election - namespace: {{ .Namespace }} -rules: -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kong-ingress -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - endpoints/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - 
secrets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/status - 
verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - gateways - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - gateways/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kong-leader-election - namespace: {{ .Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kong-leader-election -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: {{ .Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kong-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kong-ingress -subjects: -- kind: ServiceAccount - name: kong-serviceaccount - namespace: {{ .Namespace }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-type: nlb - name: kong-proxy - namespace: {{ .Namespace }} -spec: - ports: - - name: proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: proxy-ssl - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: ingress-kong - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: kong-validation-webhook - namespace: {{ .Namespace }} -spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app: ingress-kong ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ingress-kong - name: ingress-kong - 
namespace: {{ .Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - traffic.sidecar.istio.io/includeInboundPorts: "" - kuma.io/mesh: "{{ .Mesh }}" - labels: - app: ingress-kong - spec: - containers: - - env: - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2 - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 ssl - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100 - - name: KONG_DATABASE - value: "off" - - name: KONG_NGINX_WORKER_PROCESSES - value: "2" - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - image: kong:2.5 - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - kong quit - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-ssl - protocol: TCP - - containerPort: 8100 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: 8100 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: https://127.0.0.1:8444 - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: "true" - - name: CONTROLLER_PUBLISH_SERVICE - value: {{ .Namespace }}/kong-proxy - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: kong/kubernetes-ingress-controller:2.0.5 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - 
scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - serviceAccountName: kong-serviceaccount