search

Kong / charts

Helm chart for Kong
Apache License 2.0
249 stars 480 forks source link

Unable to enable Kong Manager without license #307

Closed chaosnook closed 3 years ago

chaosnook commented 3 years ago

base on this intruction I have been use this file minimal-k4k8s-with-kong-enterprise.yaml installs Kong for Kubernetes with Kong Enterprise with the ingress controller and PostgreSQL. It does not enable Enterprise features other than Kong Manager, and does not expose it or the Admin API via a TLS-secured ingress.

I think it still looking for license.

kubectl describe pods info `Name: my-kong-kong-96c9964f4-f7bn9 Namespace: kong Priority: 0 PriorityClassName: Node: map50-api-intra-3/172.16.43.126 Start Time: Fri, 05 Mar 2021 11:27:14 +0700 Labels: app.kubernetes.io/component=app app.kubernetes.io/instance=my-kong app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=kong app.kubernetes.io/version=2.3 helm.sh/chart=kong-1.15.0 pod-template-hash=96c9964f4 Annotations: Status: Pending IP: 10.244.1.32 Controlled By: ReplicaSet/my-kong-kong-96c9964f4 Init Containers: wait-for-db: Container ID:
Image: kong-docker-kong-gateway-docker.bintray.io/kong-enterprise-edition:2.3.2.0-alpine Image ID:
Port: Host Port: Command: /bin/sh -c until kong start; do echo 'waiting for db'; sleep 1; done; kong stop; rm -fv '/kong_prefix//stream_rpc.sock' State: Waiting Reason: CreateContainerConfigError Ready: False Restart Count: 0 Environment: KONG_ADMIN_ACCESS_LOG: /dev/stdout KONG_ADMIN_ERROR_LOG: /dev/stderr KONG_ADMIN_GUI_ACCESS_LOG: /dev/stdout KONG_ADMIN_GUI_ERROR_LOG: /dev/stderr KONG_ADMIN_GUI_LISTEN: 0.0.0.0:8002, 0.0.0.0:8445 http2 ssl KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 http2 ssl KONG_CLUSTER_LISTEN: off KONG_CLUSTER_TELEMETRY_LISTEN: off KONG_DATABASE: postgres KONG_KIC: on KONG_LICENSE_DATA: <set to the key 'license' in secret 'kong-enterprise-license'> Optional: false KONG_LUA_PACKAGE_PATH: /opt/?.lua;/opt/?/init.lua;; KONG_NGINX_WORKER_PROCESSES: 2 KONG_PASSWORD: <set to the key 'password' in secret 'kong-enterprise-superuser-password'> Optional: false KONG_PG_HOST: my-kong-postgresql KONG_PG_PASSWORD: <set to the key 'postgresql-password' in secret 'my-kong-postgresql'> Optional: false KONG_PG_PORT: 5432 KONG_PLUGINS: bundled KONG_PORTAL_API_ACCESS_LOG: /dev/stdout KONG_PORTAL_API_ERROR_LOG: /dev/stderr KONG_PORT_MAPS: 80:8000, 443:8443 KONG_PREFIX: /kong_prefix/ KONG_PROXY_ACCESS_LOG: /dev/stdout KONG_PROXY_ERROR_LOG: /dev/stderr KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl KONG_SMTP_MOCK: on KONG_STATUS_LISTEN: 0.0.0.0:8100 KONG_STREAM_LISTEN: off KONG_VITALS: off Mounts: /kong_prefix/ from my-kong-kong-prefix-dir (rw) /tmp from my-kong-kong-tmp (rw) /var/run/secrets/kubernetes.io/serviceaccount from my-kong-kong-token-lghp7 (ro) Containers: ingress-controller: Container ID:
Image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:1.1 Image ID:
Port: Host Port: Args: /kong-ingress-controller State: Waiting Reason: PodInitializing Ready: False Restart Count: 0 Liveness: http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3 Readiness: http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3 Environment: POD_NAME: my-kong-kong-96c9964f4-f7bn9 (v1:metadata.name) POD_NAMESPACE: kong (v1:metadata.namespace) CONTROLLER_ELECTION_ID: kong-ingress-controller-leader-kong CONTROLLER_INGRESS_CLASS: kong CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY: true CONTROLLER_KONG_ADMIN_URL: https://localhost:8444 CONTROLLER_PUBLISH_SERVICE: kong/my-kong-kong-proxy Mounts: /var/run/secrets/kubernetes.io/serviceaccount from my-kong-kong-token-lghp7 (ro) proxy: Container ID:
Image: kong-docker-kong-gateway-docker.bintray.io/kong-enterprise-edition:2.3.2.0-alpine Image ID:
Ports: 8001/TCP, 8444/TCP, 8000/TCP, 8443/TCP, 8100/TCP, 8002/TCP, 8445/TCP Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP State: Waiting Reason: PodInitializing Ready: False Restart Count: 0 Liveness: http-get http://:status/status delay=5s timeout=5s period=10s #success=1 #failure=3 Readiness: http-get http://:status/status delay=5s timeout=5s period=10s #success=1 #failure=3 Environment: KONG_ADMIN_ACCESS_LOG: /dev/stdout KONG_ADMIN_ERROR_LOG: /dev/stderr KONG_ADMIN_GUI_ACCESS_LOG: /dev/stdout KONG_ADMIN_GUI_ERROR_LOG: /dev/stderr KONG_ADMIN_GUI_LISTEN: 0.0.0.0:8002, 0.0.0.0:8445 http2 ssl KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 http2 ssl KONG_CLUSTER_LISTEN: off KONG_CLUSTER_TELEMETRY_LISTEN: off KONG_DATABASE: postgres KONG_KIC: on KONG_LICENSE_DATA: <set to the key 'license' in secret 'kong-enterprise-license'> Optional: false KONG_LUA_PACKAGE_PATH: /opt/?.lua;/opt/?/init.lua;; KONG_NGINX_WORKER_PROCESSES: 2 KONG_PASSWORD: <set to the key 'password' in secret 'kong-enterprise-superuser-password'> Optional: false KONG_PG_HOST: my-kong-postgresql KONG_PG_PASSWORD: <set to the key 'postgresql-password' in secret 'my-kong-postgresql'> Optional: false KONG_PG_PORT: 5432 KONG_PLUGINS: bundled KONG_PORTAL_API_ACCESS_LOG: /dev/stdout KONG_PORTAL_API_ERROR_LOG: /dev/stderr KONG_PORT_MAPS: 80:8000, 443:8443 KONG_PREFIX: /kong_prefix/ KONG_PROXY_ACCESS_LOG: /dev/stdout KONG_PROXY_ERROR_LOG: /dev/stderr KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl KONG_SMTP_MOCK: on KONG_STATUS_LISTEN: 0.0.0.0:8100 KONG_STREAM_LISTEN: off KONG_VITALS: off KONG_NGINX_DAEMON: off Mounts: /kong_prefix/ from my-kong-kong-prefix-dir (rw) /tmp from my-kong-kong-tmp (rw) /var/run/secrets/kubernetes.io/serviceaccount from my-kong-kong-token-lghp7 (ro) Conditions: Type Status Initialized False Ready False ContainersReady False PodScheduled True Volumes: my-kong-kong-prefix-dir: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium:
my-kong-kong-tmp: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium:
my-kong-kong-bash-wait-for-postgres: Type: ConfigMap (a volume populated by a ConfigMap) Name: my-kong-kong-bash-wait-for-postgres Optional: false my-kong-kong-token-lghp7: Type: Secret (a volume populated by a Secret) SecretName: my-kong-kong-token-lghp7 Optional: false QoS Class: BestEffort Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message

Normal Scheduled 3m31s default-scheduler Successfully assigned kong/my-kong-kong-96c9964f4-f7bn9 to map50-api-intra-3 Warning Failed 79s (x12 over 3m30s) kubelet, map50-api-intra-3 Error: secrets "kong-enterprise-license" not found Normal Pulled 65s (x13 over 3m30s) kubelet, map50-api-intra-3 Container image "kong-docker-kong-gateway-docker.bintray.io/kong-enterprise-edition:2.3.2.0-alpine" already present on machine`

rainest commented 3 years ago

https://github.com/Kong/charts/pull/310 will handle ignoring the license if it's not set. It's currently merged, but unreleased, and will go out in 2.0.0-rc1.

In the interim, you can create a dummy license: an license secret with an empty JSON object ({}) instead of an actual license will effectively work the same as no license at all.

rainest commented 3 years ago

2.0.0-rc.1 is now available

@chaosnook can you upgrade a release to the release candidate (note that you'll need to use --version 2.0.0-rc.1 when running helm upgrade or helm install, since by default Helm will use the latest stable release) to confirm that you can now omit the license setting and use free mode?

rainest commented 3 years ago

2.0.0 final is now released, going ahead and closing this.