-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkong-cp.yaml.txt
123 lines (105 loc) · 2.95 KB
/
kong-cp.yaml.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
ingressController:
enabled: false
image:
repository: danmjfgwnxx0001.bankofbaroda.co.in:9443/kong/kong-gateway
tag: "3.4.3.11-rhel"
# Mount the secret created earlier
secretVolumes:
- kong-cluster-cert
- edb-ssl
env:
# This is a control_plane node
role: control_plane
#admin_api_uri: "https://172.16.138.204:9001"
admin_api_uri: "https://172.16.138.204:9001"
admin_uri: "https://172.16.138.203:9002"
portal_api_uri: https://172.16.138.205:9004
portal_gui_uri: https://172.16.138.205:9003
portal_gui_host: 172.16.138.205:9003
portal_gui_protocol: https
admin_gui_session_conf: '{"secret": "kong123", "storage": "kong","cookie_secure":true}'
#KONG_PORTAL_GUI_HOST: "172.16.138.205:9003"
# These certificates are used for control plane / data plane communication
cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key
portal_gui_ssl_cert: /etc/secrets/kong-cluster-cert/tls.crt
portal_gui_ssl_cert_key: /etc/secrets/kong-cluster-cert/tls.key
#KONG_ADMIN_URL: http://kong-cp-kong-admin.kong-cp.svc.cluster.local:9001
# pg_ssl_cert: /etc/secrets/edb-ssl/ssl.crt
# pg_ssl_cert_key: /etc/secrets/edb-ssl/server.key
# pg_ssl_ca_cert: /etc/secrets/edb-ssl/ca.crt
# lua_ssl_trusted_certificate: /etc/secrets/edb-ssl/ca.crt
# Database
# CHANGE THESE VALUES
database: postgres
pg_database: kong
pg_user: kong
pg_password:
valueFrom:
secretKeyRef:
name: kong-db-password
key: password
pg_host: 172.16.91.150
pg_port: 6432
# pg_ssl: "off"
pg_connect_timeout: 120
pg_ssl_verify: "on"
pg_ssl_required: "on"
pg_ssl_version: tlsv1_3
pg_ssl_cert: /etc/secrets/edb-ssl/ssl.crt
pg_ssl_cert_key: /etc/secrets/edb-ssl/server.key
pg_ssl_ca_cert: /etc/secrets/edb-ssl/ca.crt
# lua_ssl_trusted_certificate: /etc/secrets/edb-ssl/ca.crt
#lua_ssl_verify_depth: 1
# pg_ssl: "off"
# Kong Manager password
password:
valueFrom:
secretKeyRef:
name: kong-db-password
key: kmg-password
# Enterprise functionality
enterprise:
enabled: true
license_secret: kong-enterprise-license
vitals:
enabled: true
rbac:
enabled: true
admin_gui_auth: basic-auth
# The control plane serves the Admin API
admin:
enabled: true
type: LoadBalancer
annotations:
cis.f5.com/ipamLabel: dmzuatipam
tls:
enabled: true
servicePort: 9001
containerPort: 9001
# Clustering endpoints are required in hybrid mode
cluster:
enabled: true
tls:
enabled: true
clustertelemetry:
enabled: true
tls:
enabled: true
# Optional features
manager:
enabled: true
type: LoadBalancer
annotations:
cis.f5.com/ipamLabel: dmzuatipam
tls:
enabled: true
servicePort: 9002
containerPort: 9002
portal:
enabled: false
portalapi:
enabled: false
# These roles will be served by different Helm releases
proxy:
enabled: false