Closed tirelibirefe closed 10 months ago
Hi @tirelibirefe
Do you mind attaching the config file that you're trying to use in this configuration so that we can assess what might be wrong with it?
You can always refer to https://docs.konghq.com/gateway/3.4.x/production/deployment-topologies/db-less-and-declarative-config/ for more information on the declarative config schema and how to manage it.
As mentioned in the docs, you can also use deck yourself to check via `deck gateway validate` what's wrong with your config.
Hello @pmalek Thanks for your response and feedback. Here is my values.yaml file:
deployment:
kong:
enabled: true
serviceAccount:
create: true
automountServiceAccountToken: false
test:
enabled: false
daemonset: false
hostNetwork: false
prefixDir:
sizeLimit: 256Mi
tmpDir:
sizeLimit: 1Gi
env:
database: "off"
router_flavor: "traditional"
nginx_worker_processes: "2"
proxy_access_log: /dev/stdout
admin_access_log: /dev/stdout
admin_gui_access_log: /dev/stdout
portal_api_access_log: /dev/stdout
proxy_error_log: /dev/stderr
admin_error_log: /dev/stderr
admin_gui_error_log: /dev/stderr
portal_api_error_log: /dev/stderr
prefix: /kong_prefix/
plugins: "bundled,oidc"
extraLabels: {}
image:
repository: kong
tag: "3.4"
effectiveSemver:
pullPolicy: IfNotPresent
admin:
enabled: false
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: false
servicePort: 8001
containerPort: 8001
parameters: []
tls:
enabled: true
servicePort: 8444
containerPort: 8444
parameters:
- http2
client:
caBundle: ""
secretName: ""
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
status:
enabled: true
http:
enabled: true
containerPort: 8100
parameters: []
tls:
enabled: false
containerPort: 8543
parameters: []
clusterCaSecretName: ""
cluster:
enabled: false
annotations: {}
labels: {}
tls:
enabled: false
servicePort: 8005
containerPort: 8005
parameters: []
type: ClusterIP
loadBalancerClass:
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
proxy:
enabled: true
type: ClusterIP
loadBalancerClass:
nameOverride: ""
annotations: {}
labels:
enable-metrics: "true"
http:
enabled: true
servicePort: 80
containerPort: 8000
parameters: []
tls:
enabled: true
servicePort: 443
containerPort: 8443
parameters:
- http2
stream: []
ingress:
enabled: true
ingressClassName: nginx
annotations: {}
labels: {}
hostname: newerapi.dev-hub.myawesomecompany.com
path: /
pathType: ImplementationSpecific
hosts: []
udpProxy:
enabled: false
type: LoadBalancer
loadBalancerClass:
annotations: {}
labels: {}
stream: []
plugins: {}
secretVolumes: []
migrations:
preUpgrade: true
postUpgrade: true
annotations:
sidecar.istio.io/inject: false
jobAnnotations: {}
backoffLimit:
resources: {}
dblessConfig:
configMap: ""
secret: ""
config: |
_format_version: "1.1"
services:
# Example configuration
- name: noidea.com
url: http://noidea.com
routes:
- name: whatroute
paths:
- "/whatpath"
# Optionally specify any extra sidecar containers to be included in the
# migration jobs
# See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#container-v1-core
sidecarContainers:
- name: sidecar
image: sidecar:latest
ingressController:
enabled: false
image:
repository: kong/kubernetes-ingress-controller
tag: "3.0"
effectiveSemver:
args: []
gatewayDiscovery:
enabled: false
generateAdminApiService: false
adminApiService:
namespace: ""
name: ""
watchNamespaces: []
env:
kong_admin_tls_skip_verify: true
admissionWebhook:
enabled: true
failurePolicy: Ignore
port: 8080
certificate:
provided: false
namespaceSelector: {}
service:
labels: {}
ingressClass: kong
ingressClassAnnotations: {}
rbac:
create: true
livenessProbe:
httpGet:
path: "/healthz"
port: 10254
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: "/readyz"
port: 10254
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources: {}
konnect:
enabled: false
runtimeGroupID: ""
apiHostname: "us.kic.api.konghq.com"
tlsClientCertSecretName: "konnect-client-tls"
license:
enabled: false
adminApi:
tls:
client:
enabled: false
certProvided: false
secretName: ""
caSecretName: ""
postgresql:
enabled: false
auth:
username: kong
database: kong
image:
tag: 13.11.0-debian-11-r20
service:
ports:
postgresql: "5432"
certificates:
enabled: false
issuer: ""
clusterIssuer: ""
proxy:
enabled: false
issuer: ""
clusterIssuer: ""
commonName: "app.example"
dnsNames: []
admin:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "kong.example"
dnsNames: []
portal:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "developer.example"
dnsNames: []
cluster:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "kong_clustering"
dnsNames: []
waitImage:
enabled: true
pullPolicy: IfNotPresent
updateStrategy: {}
resources: {}
readinessProbe:
httpGet:
path: "/status/ready"
port: status
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
livenessProbe:
httpGet:
path: "/status"
port: status
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
lifecycle:
preStop:
exec:
command:
- kong
- quit
- '--wait=15'
terminationGracePeriodSeconds: 30
tolerations: []
nodeSelector: {}
podAnnotations:
kuma.io/gateway: enabled
traffic.sidecar.istio.io/includeInboundPorts: ""
podLabels: {}
replicaCount: 1
deploymentAnnotations: {}
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
behavior: {}
targetCPUUtilizationPercentage:
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
podDisruptionBudget:
enabled: false
podSecurityPolicy:
enabled: false
labels: {}
annotations: {}
spec:
privileged: false
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
runAsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- 'configMap'
- 'secret'
- 'emptyDir'
- 'projected'
allowPrivilegeEscalation: false
hostNetwork: false
hostIPC: false
hostPID: false
readOnlyRootFilesystem: true
priorityClassName: ""
securityContext: {}
containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsUser: 1000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
serviceMonitor:
enabled: false
enterprise:
enabled: false
vitals:
enabled: true
portal:
enabled: false
rbac:
enabled: false
admin_gui_auth: basic-auth
session_conf_secret: kong-session-config
admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret
smtp:
enabled: false
portal_emails_from: none@example.com
portal_emails_reply_to: none@example.com
admin_emails_from: none@example.com
admin_emails_reply_to: none@example.com
smtp_admin_emails: none@example.com
smtp_host: smtp.example.com
smtp_port: 587
smtp_auth_type: ''
smtp_ssl: nil
smtp_starttls: true
auth:
smtp_username: '' # e.g. postmaster@example.com
smtp_password_secret: CHANGEME-smtp-password
manager:
enabled: true
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8002
containerPort: 8002
parameters: []
tls:
enabled: false
servicePort: 8445
containerPort: 8445
parameters:
- http2
ingress:
enabled: true
ingressClassName: nginx
hostname: kong.dev-hub.myawesomecompany.com
annotations: {}
path: /
pathType: ImplementationSpecific
portal:
enabled: false
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8003
containerPort: 8003
parameters: []
tls:
enabled: true
servicePort: 8446
containerPort: 8446
parameters:
- http2
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
portalapi:
enabled: true
type: ClusterIP
loadBalancerClass:
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8004
containerPort: 8004
parameters: []
tls:
enabled: true
servicePort: 8447
containerPort: 8447
parameters:
- http2
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
clustertelemetry:
enabled: false
annotations: {}
labels: {}
tls:
enabled: false
servicePort: 8006
containerPort: 8006
parameters: []
type: ClusterIP
loadBalancerClass:
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
extraConfigMaps: []
extraSecrets: []
extraObjects: []
Thanks for sending that over. I'll just comment that helm's values provided by the user are meant to just specify the fields that you want to override. As I can see from the file that you've sent, that seems to be the full (or at least a big portion of it) values.yaml that we provide, with some customizations.
That's not following the best practices of using helm because you may e.g. easily drift with your values and defaults provided by chart maintainers.
So e.g. the last 3 values (and most of the rest as well) don't need to be specified because they are already set to the same values in the chart.
This way it's also hard to figure out what are the actual user provided values and which are "copy pasted".
Hello @pmalek Currently I don't need to add anything under extraSecrets, extraConfigMaps, extraObjects etc.
Pods are stuck in the initial state and the installation cannot be completed.
The point I would like to access is just to have a working "db-less Kong installation"; "running" pods. I don't want to define any routing, any forwarding, any authentication, any fancy stuff, I don't want to configure anything else at the beginning.
Regarding my minimal expectation, could you please advise a minimal configuration sample? I would appreciate it very much.
Thanks
If you want "nothing fancy" and "just make it work" then ingress chart is the way to go:

```bash
helm upgrade --install --create-namespace -n kong kong kong/ingress
```

Should work out of the box. This will install KIC + Kong Gateway in a dbless setting.
If you'd like to explore example values for either of our charts you can find those in kong chart and ingress chart.
Hello @pmalek thanks again for your kind feedback even if you were mad at me.
This chart enables ingress controller. I don't want to enable ingress controller.
I think I was misunderstood. I would like to evaluate "apigateway / api management" features of Kong. My purpose is not to have an ingress controller. As I assumed "proxy" is the Kong itself, I don't want to exclude it in my installation.
...anyway, I found the problem.
Indentation is wrong in the example config, I fixed it and it works now.
Thanks & Regards
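The indentation fix mentioned in the post above most plausibly concerns the declarative config passed through `dblessConfig.config`. As an added illustration (not the poster's corrected file and not the chart maintainers' example), this fragment shows how the keys and values from the posted file nest when the block scalar is indented correctly; the nesting is an assumption, because the posted copy lost its indentation.

```yaml
# Constructed values.yaml fragment for a DB-less install without the
# ingress controller. Keys and values are taken from the post above;
# the nesting is an assumption.
env:
  database: "off"

ingressController:
  enabled: false

dblessConfig:
  # `config: |` starts a YAML block scalar. Every line of the declarative
  # config must be indented deeper than the `config` key itself. If the
  # lines sit at the same level as `config`, the scalar is empty and
  # `_format_version`, `services`, ... are parsed as ordinary chart keys
  # instead of being handed to Kong as its declarative config.
  config: |
    _format_version: "1.1"
    services:
      # Example configuration
      - name: noidea.com
        url: http://noidea.com
        routes:
          - name: whatroute
            paths:
              - "/whatpath"
```

Rendering the chart with `helm template` before installing shows the declarative config exactly as the gateway will receive it.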
A simple values file like so should get you going:
```yaml
image:
  repository: kong/kong-gateway
  tag: "3.4"

admin:
  # Enable creating a Kubernetes service for the admin API
  # Enterprise users that wish to use Kong Manager with the controller should enable this
  enabled: true
  type: NodePort

readinessProbe:
  httpGet:
    # Configure this to get Kong Gateway immediately ready. By default /status/ready is used
    # ref: https://docs.konghq.com/gateway/latest/production/monitoring/readiness-check
    path: "/status"
    port: status
    scheme: HTTP

env:
  database: "off"

ingressController:
  enabled: false
```
Please note that you have to decide what's your preferred way of configuring the Gateway. This way you can configure it through the Admin API (which in this values.yaml file is configured to be exposed as a NodePort Service).
I hope that helps. Let us know if you have any other questions.
Thank you @pmalek DBless works and now I am working on "...with external Postgres" option. I have a problem here which I am looking for help.
👍
Can we close this one then?
sure
Thank you, DBless works and now I am working on "... with external Postgres". I have a problem here that I am looking for help with.
@tirelibirefe Could you leave an example of the error, I'm having the same problem. What example worked?
Hello, I would like to install Kong with DB-less config within a POC evaluation. When I attempt to install Kong Helm Chart 2.31.0 on EKS 1.28, I get following error message:
I see there are many complaints for DB-less configuration since 2019 but all workarounds are for Docker or Linux installation. Unfortunately I couldn't access any workaround or solid solution.
There are mentions for kong.yml but it is not something configurable in Helm Chart. If it must be prepared manually, all fields (url, path) are blurry and not defined in any documentation properly.
Could you please advise a workaround and indicate something I missed?
Thanks & Regards