Kong / charts

Helm chart for Kong

Kong with external Postgresql DB doesn't work. #938

Closed tirelibirefe closed 10 months ago

tirelibirefe commented 10 months ago

Hello. Since the DB-less configuration doesn't work for me, I tried to run "Kong with external Postgres DB", but that has some issues too.

This is the installation command:

# Installs or upgrades the chart in the current directory as release "kong" in
# namespace "kong" and points Kong at an external Postgres host via env.pg_*.
# Values given with --set take precedence over the chart's values.yaml.
# NOTE(review): --set env.pg_password=... puts the database password on the
# command line (shell history, process listing) and into the stored release
# values. The chart README documents referencing an existing Secret instead,
# through env.pg_password.valueFrom.secretKeyRef (name + key).
# NOTE(review): pg_ssl="on" with pg_ssl_verify="off" encrypts the connection
# but does not authenticate the server certificate, so a host on the network
# path could impersonate the database. Turning verification on requires the
# database CA bundle to be available to Kong (lua_ssl_trusted_certificate).
helm upgrade --install kong -n kong . \
  --set env.database="postgres" \
  --set env.pg_host="*****-central-1.rds.amazonaws.com" \
  --set env.pg_port="5432" \
  --set env.pg_user="*****" \
  --set env.pg_password="*******" \
  --set env.pg_database="kong" \
  --set env.pg_ssl="on" \
  --set env.pg_ssl_verify="off" \
  --create-namespace

and this is my values.yaml file:

# Workload settings for the Kong pod: Kong is enabled, the test pod is not,
# and neither daemonset mode nor host networking is requested.
deployment:
  kong:
    enabled: true
  serviceAccount:
    create: true
    # A service account is created but its API token is not auto-mounted.
    # NOTE(review): the ingress controller is disabled further down in this
    # file, so nothing here obviously needs the token; confirm before changing.
    automountServiceAccountToken: false
  test:
    enabled: false
  daemonset: false
  hostNetwork: false
  # Size caps for Kong's prefix and tmp directories (presumably emptyDir
  # volumes; verify against the chart templates).
  prefixDir:
    sizeLimit: 256Mi
  tmpDir:
    sizeLimit: 1Gi
# Kong settings handed to the container through the chart's `env` map.
# NOTE(review): database is "off" (DB-less) in this file, while the install
# command quoted in the issue passes --set env.database="postgres"; --set wins,
# so the effective mode is postgres. No pg_* connection setting appears in this
# file: host, user, password and TLS options exist only on the command line.
env:
  database: "off"
  router_flavor: "traditional"
  nginx_worker_processes: "2"
  # Access and error logs go to the container's stdout/stderr.
  proxy_access_log: /dev/stdout
  admin_access_log: /dev/stdout
  admin_gui_access_log: /dev/stdout
  portal_api_access_log: /dev/stdout
  proxy_error_log: /dev/stderr
  admin_error_log: /dev/stderr
  admin_gui_error_log: /dev/stderr
  portal_api_error_log: /dev/stderr
  prefix: /kong_prefix/
  # NOTE(review): "oidc" is not one of the plugins bundled with Kong, so the
  # image configured under `image:` would have to ship it. Kong does not start
  # when an enabled plugin is not installed; check the pod logs for that.
  plugins: "bundled,oidc"
# No extra labels are added to the rendered resources.
extraLabels: {}
# Container image for Kong.
image:
  repository: kong
  # NOTE(review): "3.4" is a tag, not a digest, so the image behind it can
  # change over time; together with pullPolicy IfNotPresent, nodes may end up
  # running different builds. Pinning a patch version or digest avoids that.
  tag: "3.4"
  # Bare key: the value is null.
  effectiveSemver:
  pullPolicy: IfNotPresent
# Admin API service. It is disabled as a whole (enabled: false); inside it the
# plain-HTTP listener is off and only the TLS listener on 8444 is configured.
admin:
  enabled: false
  type: ClusterIP
  # Bare key: the value is null.
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: false
    servicePort: 8001
    containerPort: 8001
    parameters: []
  tls:
    enabled: true
    servicePort: 8444
    containerPort: 8444
    parameters:
    - http2
    # No CA bundle or secret is named, so this file configures no client
    # certificate verification for the Admin API.
    client:
      caBundle: ""
      secretName: ""
  # No Ingress is requested for the Admin API.
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
# Status listener: plain HTTP on container port 8100, TLS variant disabled.
# The readiness and liveness probes later in this file use the port named
# `status`, presumably this listener (confirm against the chart templates).
status:
  enabled: true
  http:
    enabled: true
    containerPort: 8100
    parameters: []
  tls:
    enabled: false
    containerPort: 8543
    parameters: []
# No cluster CA secret is named.
clusterCaSecretName: ""
# Cluster service: disabled, and its TLS listener (8005) is disabled too.
cluster:
  enabled: false
  annotations: {}
  labels: {}
  tls:
    enabled: false
    servicePort: 8005
    containerPort: 8005
    parameters: []
  type: ClusterIP
  # Bare key: the value is null.
  loadBalancerClass:
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
# Proxy service: ClusterIP with HTTP 80 -> 8000 and TLS 443 -> 8443, published
# through an Ingress of class "nginx" for the hostname below.
proxy:
  enabled: true
  type: ClusterIP
  # Bare key: the value is null.
  loadBalancerClass:
  nameOverride: ""
  annotations: {}
  labels:
    # Quoted so the label value stays a string rather than a YAML boolean.
    enable-metrics: "true"
  http:
    enabled: true
    servicePort: 80
    containerPort: 8000
    parameters: []
  tls:
    enabled: true
    servicePort: 443
    containerPort: 8443
    parameters:
    - http2
  stream: []
  # NOTE(review): no TLS secret or annotation is set for this Ingress here, so
  # whether the hostname is served over HTTPS at the ingress layer cannot be
  # told from this file; confirm on the cluster.
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations: {}
    labels: {}
    hostname: newerapi.dev-hub.myawesomecompany.com
    path: /
    pathType: ImplementationSpecific
    hosts: []
# UDP proxy service: disabled; type LoadBalancer would apply only if enabled.
udpProxy:
  enabled: false
  type: LoadBalancer
  # Bare key: the value is null.
  loadBalancerClass:
  annotations: {}
  labels: {}
  stream: []
# Top-level chart `plugins` map is empty (distinct from env.plugins above it in
# this file) and no secret volumes are mounted.
plugins: {}
secretVolumes: []
# Migration jobs: both the pre-upgrade and post-upgrade jobs are enabled.
migrations:
  preUpgrade: true
  postUpgrade: true
  annotations:
    # Unquoted, so YAML reads this as a boolean. Kubernetes annotation values
    # must be strings; presumably the chart quotes it when rendering (confirm).
    sidecar.istio.io/inject: false
  jobAnnotations: {}
  # Bare key: the value is null.
  backoffLimit:
  resources: {}
# DB-less declarative configuration: no ConfigMap, no Secret, and an inline
# config whose `|` block scalar has no content (an empty string).
dblessConfig:
  configMap: ""
  secret: ""
  config: |
# Kong Ingress Controller settings. The controller is disabled
# (enabled: false), so the values below presumably take effect only if it is
# switched on.
ingressController:
  enabled: false
  image:
    repository: kong/kubernetes-ingress-controller
    tag: "3.0"
    # Bare key: the value is null.
    effectiveSemver:
  args: []
  gatewayDiscovery:
    enabled: false
    generateAdminApiService: false
    adminApiService:
      namespace: ""
      name: ""
  watchNamespaces: []
  env:
    # NOTE(review): asks the controller to skip verification of the Admin API
    # TLS certificate. Inactive while the controller is disabled; if it is
    # enabled, verifying against a trusted CA is the safer setting.
    kong_admin_tls_skip_verify: true
  admissionWebhook:
    enabled: true
    # With Ignore, an unreachable or failing webhook does not block admission,
    # so resources it would have rejected can still be accepted.
    failurePolicy: Ignore
    port: 8080
    certificate:
      provided: false
    namespaceSelector: {}
    service:
      labels: {}
  ingressClass: kong
  ingressClassAnnotations: {}
  rbac:
    create: true
  # Controller health probes: plain HTTP on port 10254.
  livenessProbe:
    httpGet:
      path: "/healthz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 5
    timeoutSeconds: 5
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    httpGet:
      path: "/readyz"
      port: 10254
      scheme: HTTP
    initialDelaySeconds: 5
    timeoutSeconds: 5
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  resources: {}
  # Konnect integration: disabled, no runtime group ID set.
  konnect:
    enabled: false
    runtimeGroupID: ""
    apiHostname: "us.kic.api.konghq.com"
    tlsClientCertSecretName: "konnect-client-tls"
    license:
      enabled: false
  # Client-certificate authentication towards the Admin API: disabled, and no
  # secret names are given.
  adminApi:
    tls:
      client:
        enabled: false
        certProvided: false
        secretName: ""
        caSecretName: ""
# Bundled PostgreSQL: disabled, which matches the external database used in the
# install command quoted in the issue. The remaining values are presumably
# unused while it is disabled.
postgresql:
  enabled: false
  auth:
    username: kong
    database: kong
  image:
    tag: 13.11.0-debian-11-r20
  service:
    ports:
      # Quoted, so the port is passed as a string.
      postgresql: "5432"
# Certificate generation. The top-level switch is off and no issuer or
# clusterIssuer is named anywhere in this section.
# NOTE(review): admin, portal and cluster carry `enabled: true`; presumably
# these have no effect while the top-level `enabled` is false (confirm).
certificates:
  enabled: false
  issuer: ""
  clusterIssuer: ""
  proxy:
    enabled: false
    issuer: ""
    clusterIssuer: ""
    commonName: "app.example"
    dnsNames: []
  admin:
    enabled: true
    issuer: ""
    clusterIssuer: ""
    commonName: "kong.example"
    dnsNames: []
  portal:
    enabled: true
    issuer: ""
    clusterIssuer: ""
    commonName: "developer.example"
    dnsNames: []
  cluster:
    enabled: true
    issuer: ""
    clusterIssuer: ""
    commonName: "kong_clustering"
    dnsNames: []
# Wait image: enabled; no repository or tag is set in this file.
waitImage:
  enabled: true
  pullPolicy: IfNotPresent
updateStrategy: {}
# No CPU or memory requests/limits are set for the Kong container.
resources: {}
# Readiness and liveness probes: plain HTTP against the port named `status`.
readinessProbe:
  httpGet:
    path: "/status/ready"
    port: status
    scheme: HTTP
  initialDelaySeconds: 5
  timeoutSeconds: 5
  periodSeconds: 10
  successThreshold: 1
  failureThreshold: 3
livenessProbe:
  httpGet:
    path: "/status"
    port: status
    scheme: HTTP
  initialDelaySeconds: 5
  timeoutSeconds: 5
  periodSeconds: 10
  successThreshold: 1
  failureThreshold: 3
# On pod shutdown `kong quit --wait=15` runs first; the 15 s wait fits inside
# the 30 s termination grace period set below.
lifecycle:
  preStop:
    exec:
      command:
        - kong
        - quit
        - '--wait=15'
terminationGracePeriodSeconds: 30
tolerations: []
nodeSelector: {}
# Service-mesh annotations on the Kong pod.
# NOTE(review): the empty includeInboundPorts value presumably keeps an Istio
# sidecar from intercepting inbound ports; confirm against the mesh in use.
podAnnotations:
  kuma.io/gateway: enabled
  traffic.sidecar.istio.io/includeInboundPorts: ""
podLabels: {}
replicaCount: 1
deploymentAnnotations: {}
# Autoscaling: disabled. The 2-5 replica range and the 80% CPU utilization
# target below would apply only if it were enabled.
autoscaling:
  enabled: false
  minReplicas: 2
  maxReplicas: 5
  behavior: {}
  # Bare key: the value is null.
  targetCPUUtilizationPercentage:
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
# No PodDisruptionBudget is created.
podDisruptionBudget:
  enabled: false
# PodSecurityPolicy: disabled. (The PodSecurityPolicy API was removed from
# Kubernetes in v1.25, so the spec below matters only on older clusters.)
podSecurityPolicy:
  enabled: false
  labels: {}
  annotations: {}
  spec:
    privileged: false
    # User, group, fsGroup, SELinux and supplemental groups are unconstrained
    # (RunAsAny) in this policy spec.
    fsGroup:
      rule: RunAsAny
    runAsUser:
      rule: RunAsAny
    runAsGroup:
      rule: RunAsAny
    seLinux:
      rule: RunAsAny
    supplementalGroups:
      rule: RunAsAny
    # Only these volume types are allowed.
    volumes:
      - 'configMap'
      - 'secret'
      - 'emptyDir'
      - 'projected'
    allowPrivilegeEscalation: false
    hostNetwork: false
    hostIPC: false
    hostPID: false
    readOnlyRootFilesystem: true
priorityClassName: ""
# Pod-level security context is left empty.
securityContext: {}
# Container-level hardening: read-only root filesystem, no privilege
# escalation, non-root UID 1000, the runtime's default seccomp profile, and
# all Linux capabilities dropped.
containerSecurityContext:
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  runAsUser: 1000
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
    - ALL
# No ServiceMonitor is created.
serviceMonitor:
  enabled: false
# Kong Enterprise settings: disabled as a whole.
enterprise:
  enabled: false
  vitals:
    enabled: true
  portal:
    enabled: false
  # RBAC for the admin GUI is disabled. The secret names below include a
  # CHANGEME placeholder and must be replaced before RBAC is enabled.
  rbac:
    enabled: false
    admin_gui_auth: basic-auth
    session_conf_secret: kong-session-config
    admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret
  # SMTP: disabled; addresses and host are example.com placeholders.
  smtp:
    enabled: false
    portal_emails_from: none@example.com
    portal_emails_reply_to: none@example.com
    admin_emails_from: none@example.com
    admin_emails_reply_to: none@example.com
    smtp_admin_emails: none@example.com
    smtp_host: smtp.example.com
    smtp_port: 587
    smtp_auth_type: ''
    # The plain scalar `nil` is a YAML string, not a null value.
    smtp_ssl: nil
    smtp_starttls: true
    auth:
      smtp_username: ''  # e.g. postmaster@example.com
      # Placeholder secret name; the password itself is not in this file.
      smtp_password_secret: CHANGEME-smtp-password
# Kong Manager (admin GUI) service: enabled, plain HTTP on 8002, TLS listener
# disabled, and an Ingress of class "nginx" requested for the hostname below.
# NOTE(review): this publishes the admin GUI hostname over the plain-HTTP
# listener while enterprise.rbac is disabled and the Admin API service is
# disabled in this same file. Check what the chart actually renders here; an
# admin UI should sit behind TLS and authentication, or not be exposed through
# an Ingress at all.
manager:
  enabled: true
  type: ClusterIP
  # Bare key: the value is null.
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: true
    servicePort: 8002
    containerPort: 8002
    parameters: []
  tls:
    enabled: false
    servicePort: 8445
    containerPort: 8445
    parameters:
    - http2
  ingress:
    enabled: true
    ingressClassName: nginx
    hostname: kong.dev-hub.myawesomecompany.com
    annotations: {}
    path: /
    pathType: ImplementationSpecific
# Developer portal service: disabled; no Ingress requested.
portal:
  enabled: false
  type: ClusterIP
  # Bare key: the value is null.
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: true
    servicePort: 8003
    containerPort: 8003
    parameters: []
  tls:
    enabled: true
    servicePort: 8446
    containerPort: 8446
    parameters:
    - http2
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
# Portal API service: enabled, with HTTP on 8004 and TLS on 8447, but without
# an Ingress.
# NOTE(review): enterprise.enabled and enterprise.portal.enabled are both false
# in this file, so this service is presumably not rendered (confirm).
portalapi:
  enabled: true
  type: ClusterIP
  # Bare key: the value is null.
  loadBalancerClass:
  annotations: {}
  labels: {}
  http:
    enabled: true
    servicePort: 8004
    containerPort: 8004
    parameters: []
  tls:
    enabled: true
    servicePort: 8447
    containerPort: 8447
    parameters:
    - http2
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
# Cluster telemetry service: disabled, TLS listener (8006) disabled, and no
# Ingress requested.
clustertelemetry:
  enabled: false
  annotations: {}
  labels: {}
  tls:
    enabled: false
    servicePort: 8006
    containerPort: 8006
    parameters: []
  type: ClusterIP
  # Bare key: the value is null.
  loadBalancerClass:
  ingress:
    enabled: false
    ingressClassName:
    hostname:
    annotations: {}
    path: /
    pathType: ImplementationSpecific
# No additional ConfigMaps, Secrets or raw objects are added.
extraConfigMaps: []
extraSecrets: []
extraObjects: []

The pod(s) cannot be created: image

If I enable the pre- and post-upgrade migrations, the migrations complete successfully, but nothing changes: the Kong pod stays stuck in the same state.

Thanks & Regards

tirelibirefe commented 10 months ago

Let's go on here.