Kong / charts

Helm chart for Kong
Apache License 2.0

Env not merged/override from .Values.env #991

Closed israelshenkar closed 6 months ago

israelshenkar commented 6 months ago

I have the following values.yaml:

# Basic values.yaml configuration for Kong for Kubernetes (with the ingress controller)

image:
  repository: kong
  tag: "3.5"

# Kong settings. The chart renders each key as a KONG_<KEY> container
# environment variable (router_flavor -> KONG_ROUTER_FLAVOR).
# NOTE(review): the rendered Deployment further down this page still carries
# KONG_DATABASE "off", KONG_ROUTER_FLAVOR "traditional" and
# KONG_NGINX_WORKER_PROCESSES "2", so none of the values below reached the
# template. Its "# Source: kong/charts/kong/templates/..." path suggests the
# chart is rendered as a dependency of a parent chart; Helm only passes values
# to a dependency from under a key named after it (presumably `kong:`) -
# confirm against the parent Chart.yaml.
env:
  database: postgres
  # NOTE(review): a plaintext database password in a values file ends up in
  # version control and in the rendered pod spec. Prefer a Secret reference
  # (constructed example; secret name and key are placeholders):
  #   pg_password:
  #     valueFrom:
  #       secretKeyRef:
  #         name: <postgres-secret-name>
  #         key: <password-key>
  pg_password: kong
  # NOTE(review): 0.0.0.0 is a bind address, not a reachable database host -
  # presumably a redacted placeholder; confirm.
  pg_host: 0.0.0.0
  pg_database: external_kong_db
  pg_port: 5432
  router_flavor: traditional_compatible
  admin_gui_access_log: /dev/stdout
  portal_api_access_log: /dev/stdout
  admin_gui_error_log: /dev/stderr
  portal_api_error_log: /dev/stderr
  prefix: /kong_prefix/
  # NOTE(review): the listen and port_maps settings below duplicate what the
  # `proxy:` section of this file already describes (ports 8000/8443, http2,
  # reuseport); keeping both invites drift between the listeners and the
  # Service ports - verify which one the chart honours.
  proxy_listen: 0.0.0.0:8000 reuseport, 0.0.0.0:8443 ssl http2 reuseport
  port_maps: 80:8000, 443:8443
  # NOTE(review): this binds the Admin API to every interface over plain HTTP.
  # Kong's Admin API is unauthenticated by default, so anything that can reach
  # port 8001 can reconfigure the gateway. The chart default visible in the
  # rendered output is loopback-only with TLS ("127.0.0.1:8444 http2 ssl");
  # if remote access is required, restrict it with TLS and a NetworkPolicy.
  admin_listen: 0.0.0.0:8001
  # Status endpoint on all interfaces, plain HTTP; the rendered probes use it.
  status_listen: 0.0.0.0:8100
  nginx_worker_processes: 8
  admin_access_log: /dev/stdout
  admin_error_log: /dev/stderr
  proxy_error_log: /dev/stderr
  # NOTE(review): with proxy access logging off there is no per-request record
  # for incident investigation unless a logging plugin covers it.
  # "off"/"on" are quoted so YAML keeps them as strings, not booleans.
  proxy_access_log: "off"
  log_level: warn
  nginx_http_client_body_buffer_size: 1m
  # Suppresses the response headers Kong injects (e.g. Server/Via), which
  # avoids advertising the gateway product and version.
  headers: "off"
  anonymous_reports: "off"
  nginx_http_reset_timedout_connection: "on"
  nginx_http_sendfile: "on"
  nginx_http_tcp_nopush: "on"
  nginx_http_tcp_nodelay: "on"
  # NOTE(review): very high connection / file-descriptor ceilings, paired with
  # a 2G memory limit in `resources:` below - confirm the pod can sustain them.
  nginx_events_worker_connections: 300000
  nginx_main_worker_rlimit_nofile: 800000
  upstream_keepalive_idle_timeout: 300
  upstream_keepalive_pool_size: 5000
  upstream_keepalive_max_requests: 20000
  nginx_http_keepalive_requests: 20000
  nginx_http_keepalive_timeout: 300

# Ingress controller settings.
# NOTE(review): with gatewayDiscovery enabled the controller is expected to
# find Admin API endpoints through the named Service instead of localhost,
# which means Admin API traffic crosses the pod network - it should then be
# TLS-protected and access-restricted. The rendered Deployment on this page
# still shows CONTROLLER_KONG_ADMIN_URL "https://localhost:8444", so this
# section was not applied either.
ingressController:
  enabled: true
  gatewayDiscovery:
    enabled: true
    adminApiService:
      name: kong-kong-admin
  # Controller environment; the rendered output has no matching
  # CONTROLLER_KONG_ADMIN_INIT_* variables, consistent with the values file
  # not reaching the chart.
  env:
    kong_admin_init_retries: 5
    kong_admin_init_retry_delay: "20s"

# NOTE(review): presumably this turns off the Kong gateway container for a
# controller-only release; the rendered Deployment nevertheless contains a
# "proxy" container - another sign these values were ignored.
deployment:
  kong:
    enabled: false

# Resource requests and limits (the original comment here was a leftover
# fragment of the chart's "uncomment the following lines" template text).
# NOTE(review): no CPU limit is set, and "2G" is decimal gigabytes where
# Kubernetes also accepts the binary "2Gi". The nested keys use a 1-space
# indent, which parses but is inconsistent with the rest of the file.
# The rendered Deployment on this page shows `resources: {}` for every
# container, i.e. unbounded pods, so these values were not applied.
resources: 
  limits:
   memory: 2G
  requests:
   cpu: 2
   memory: 2G

# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: pool
              operator: In
              values:
                - some-pool

# Specify Kong proxy service configuration
proxy:
  # Enable creating a Kubernetes service for the proxy
  enabled: true
  # NOTE(review): LoadBalancer publishes both listeners below outside the
  # cluster; no source-range restriction is visible in this file.
  type: LoadBalancer
  # Bare key: parses as null, not as an empty string.
  loadBalancerClass:
  # Override proxy Service name
  nameOverride: ""
  # To specify annotations or labels for the proxy service, add them to the respective
  # "annotations" or "labels" dictionaries below.
  annotations: {}
  labels:
    enable-metrics: "true"

  http:
    # Enable plaintext HTTP listen for the proxy
    # NOTE(review): port 80 is exposed unencrypted through the LoadBalancer;
    # keep it only if clients are redirected to HTTPS or TLS terminates
    # upstream of this Service.
    enabled: true
    servicePort: 80
    containerPort: 8000
    # Set a nodePort which is available if service type is NodePort
    # nodePort: 32080
    # Additional listen parameters, e.g. "reuseport", "backlog=16384"
    parameters: 
      - reuseport

  tls:
    # Enable HTTPS listen for the proxy
    enabled: true
    servicePort: 443
    containerPort: 8443
    # Set a target port for the TLS port in proxy service
    # overrideServiceTargetPort: 8000
    # Set a nodePort which is available if service type is NodePort
    # nodePort: 32443
    # Additional listen parameters, e.g. "reuseport", "backlog=16384"
    # (this list is flush with its key while the one under `http` is
    # indented; both parse, but one style per file is easier to review)
    parameters:
    - http2
    - reuseport

The expected result is that the values under `.Values.env` appear in the Deployment's container env, but for some reason that is not happening. Here is the rendered Deployment YAML:

# Source: kong/charts/kong/templates/deployment.yaml
# NOTE(review): Helm writes "<parent>/charts/<dependency>/templates/..." for
# templates of a dependency, so this manifest appears to come from the Kong
# chart used as a subchart of a parent chart that is also named "kong".
# Values reach a dependency only from under a key named after it (or its
# alias) in the parent's values; a top-level `env:` would belong to the parent
# chart. That would explain why every variable below is a chart default -
# confirm against the parent Chart.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kong-kong
  namespace:  kong
  labels:
    app.kubernetes.io/name: kong
    helm.sh/chart: kong-2.34.0
    app.kubernetes.io/instance: "kong"
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/version: "3.5"
    app.kubernetes.io/component: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: kong
      app.kubernetes.io/component: app
      app.kubernetes.io/instance: "kong"
  template:
    metadata:
      annotations:
        kuma.io/service-account-token-volume: kong-kong-token
        kuma.io/gateway: "enabled"
        traffic.sidecar.istio.io/includeInboundPorts: ""
      labels:
        app.kubernetes.io/name: kong
        helm.sh/chart: kong-2.34.0
        app.kubernetes.io/instance: "kong"
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/version: "3.5"
        app.kubernetes.io/component: app
        app: kong-kong
        version: "3.5"
    spec:
      serviceAccountName: kong-kong
      automountServiceAccountToken: false
      initContainers:
      - name: clear-stale-pid
        image: kong:3.5
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault
        resources:
          {}
        command:
        - "rm"
        - "-vrf"
        - "$KONG_PREFIX/pids"
        env:
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_GUI_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_GUI_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_LISTEN
          value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
        - name: KONG_CLUSTER_LISTEN
          value: "off"
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_KIC
          value: "on"
        - name: KONG_LUA_PACKAGE_PATH
          value: "/opt/?.lua;/opt/?/init.lua;;"
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_PLUGINS
          value: "bundled"
        - name: KONG_PORTAL_API_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PORTAL_API_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PORT_MAPS
          value: "80:8000, 443:8443"
        - name: KONG_PREFIX
          value: "/kong_prefix/"
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PROXY_LISTEN
          value: "0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
        - name: KONG_PROXY_STREAM_ACCESS_LOG
          value: "/dev/stdout basic"
        - name: KONG_PROXY_STREAM_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ROUTER_FLAVOR
          value: "traditional"
        - name: KONG_STATUS_ACCESS_LOG
          value: "off"
        - name: KONG_STATUS_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_STATUS_LISTEN
          value: "0.0.0.0:8100, [::]:8100"
        - name: KONG_STREAM_LISTEN
          value: "off"
        volumeMounts:
        - name: kong-kong-prefix-dir
          mountPath: /kong_prefix/
        - name: kong-kong-tmp
          mountPath: /tmp
      containers:
      # Kong Ingress Controller container.
      - name: ingress-controller
        # Hardened context: no privilege escalation, all capabilities dropped,
        # read-only root filesystem, non-root UID, default seccomp profile.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault
        # Bare key: parses as null (no extra arguments rendered).
        args:
        ports:
        - name: webhook
          containerPort: 8080
          protocol: TCP
        - name: cmetrics
          containerPort: 10255
          protocol: TCP
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
          value: "0.0.0.0:8080"
        - name: CONTROLLER_ELECTION_ID
          value: "kong-ingress-controller-leader-kong"
        - name: CONTROLLER_INGRESS_CLASS
          value: "kong"
        # NOTE(review): certificate verification is disabled for the
        # controller -> Admin API connection. With the URL below that traffic
        # stays on the pod's loopback interface, which bounds the exposure.
        # If the controller is pointed at an Admin API in another pod (the
        # gateway-discovery setup requested in the values file), the
        # connection crosses the pod network and verification against a
        # trusted CA should be turned back on.
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: "true"
        - name: CONTROLLER_KONG_ADMIN_URL
          value: "https://localhost:8444"
        # NOTE(review): the namespace here ("kong-adx") differs from
        # metadata.namespace ("kong") - possibly a redaction slip; confirm.
        - name: CONTROLLER_PUBLISH_SERVICE
          value: "kong-adx/kong-kong-proxy"
        # NOTE(review): floating tag with IfNotPresent - nodes may run
        # different builds of "3.0"; pin by digest for a verifiable image.
        image: kong/kubernetes-ingress-controller:3.0
        imagePullPolicy: IfNotPresent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        # NOTE(review): no requests or limits - the container is unbounded.
        resources:
          {}
        volumeMounts:
        - name: webhook-cert
          mountPath: /admission-webhook
          readOnly: true
        # The pod sets automountServiceAccountToken: false and mounts a
        # projected, expiring token read-only into this container only.
        - name: kong-kong-token
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
      # Kong gateway container.
      # NOTE(review): the values file sets deployment.kong.enabled: false, yet
      # this container is rendered - consistent with the values not reaching
      # the chart at all.
      - name: "proxy"
        # NOTE(review): floating tag with IfNotPresent; pin by digest for a
        # verifiable image.
        image: kong:3.5
        imagePullPolicy: IfNotPresent
        # Hardened context: no privilege escalation, all capabilities dropped,
        # read-only root filesystem, non-root UID, default seccomp profile.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault
        # Every variable below differs from, or ignores, the posted values:
        # the values ask for database "postgres", router_flavor
        # "traditional_compatible", nginx_worker_processes 8 and
        # proxy_access_log "off", and no KONG_PG_* variable is present.
        env:
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_GUI_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_GUI_ERROR_LOG
          value: "/dev/stderr"
        # Admin API bound to loopback only, with TLS. The values file would
        # replace this with plain HTTP on 0.0.0.0:8001, which is the weaker
        # setting of the two.
        - name: KONG_ADMIN_LISTEN
          value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
        - name: KONG_CLUSTER_LISTEN
          value: "off"
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_KIC
          value: "on"
        - name: KONG_LUA_PACKAGE_PATH
          value: "/opt/?.lua;/opt/?/init.lua;;"
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_PLUGINS
          value: "bundled"
        - name: KONG_PORTAL_API_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PORTAL_API_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PORT_MAPS
          value: "80:8000, 443:8443"
        - name: KONG_PREFIX
          value: "/kong_prefix/"
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PROXY_LISTEN
          value: "0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
        - name: KONG_PROXY_STREAM_ACCESS_LOG
          value: "/dev/stdout basic"
        - name: KONG_PROXY_STREAM_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ROUTER_FLAVOR
          value: "traditional"
        - name: KONG_STATUS_ACCESS_LOG
          value: "off"
        - name: KONG_STATUS_ERROR_LOG
          value: "/dev/stderr"
        # Status endpoint on all interfaces over plain HTTP; the probes below
        # call it on the "status" port (8100).
        - name: KONG_STATUS_LISTEN
          value: "0.0.0.0:8100, [::]:8100"
        - name: KONG_STREAM_LISTEN
          value: "off"
        - name: KONG_NGINX_DAEMON
          value: "off"
        # Graceful shutdown: ask Kong to quit and wait up to 15 seconds.
        lifecycle:
          preStop:
            exec:
              command:
              - kong
              - quit
              - --wait=15
        ports:
        - name: proxy
          containerPort: 8000
          protocol: TCP
        - name: proxy-tls
          containerPort: 8443
          protocol: TCP
        - name: status
          containerPort: 8100
          protocol: TCP
        # Writable emptyDir mounts that make the read-only root filesystem
        # workable for Kong's prefix directory and /tmp.
        volumeMounts:
          - name: kong-kong-prefix-dir
            mountPath: /kong_prefix/
          - name: kong-kong-tmp
            mountPath: /tmp
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status/ready
            port: status
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: status
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        # NOTE(review): no requests or limits - the 2G / 2 CPU settings from
        # the values file are absent here.
        resources:
          {}
      securityContext:
        {}
      terminationGracePeriodSeconds: 30
      volumes:
        - name: kong-kong-prefix-dir
          emptyDir:
            sizeLimit: 256Mi
        - name: kong-kong-tmp
          emptyDir:
            sizeLimit: 1Gi
        - name: kong-kong-token
          projected:
            sources:
            - serviceAccountToken:
                expirationSeconds: 3607
                path: token
            - configMap:
                items:
                - key: ca.crt
                  path: ca.crt
                name: kube-root-ca.crt
            - downwardAPI:
                items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
        - name: webhook-cert
          secret:
            secretName: kong-kong-validation-webhook-keypair

what am I missing here?

israelshenkar commented 6 months ago

@Kong/k8s-maintainers

wanglongsxr commented 3 months ago

I have the following values.yaml:

# Basic values.yaml configuration for Kong for Kubernetes (with the ingress controller)

image:
  repository: kong
  tag: "3.5"

# Kong settings (quoted from the original report). The chart renders each key
# as a KONG_<KEY> container environment variable.
# NOTE(review): the rendered Deployment quoted after this file still carries
# chart defaults (KONG_DATABASE "off", KONG_ROUTER_FLAVOR "traditional"), so
# these values did not reach the template. Its "# Source:
# kong/charts/kong/templates/..." path suggests the chart is a dependency of a
# parent chart, in which case the values belong under a key named after the
# dependency (presumably `kong:`) - confirm against the parent Chart.yaml.
env:
  database: postgres
  # NOTE(review): plaintext database password in a values file; prefer a
  # Secret reference (constructed example; name and key are placeholders):
  #   pg_password:
  #     valueFrom:
  #       secretKeyRef:
  #         name: <postgres-secret-name>
  #         key: <password-key>
  pg_password: kong
  # NOTE(review): 0.0.0.0 is a bind address, not a reachable database host -
  # presumably a redacted placeholder; confirm.
  pg_host: 0.0.0.0
  pg_database: external_kong_db
  pg_port: 5432
  router_flavor: traditional_compatible
  admin_gui_access_log: /dev/stdout
  portal_api_access_log: /dev/stdout
  admin_gui_error_log: /dev/stderr
  portal_api_error_log: /dev/stderr
  prefix: /kong_prefix/
  proxy_listen: 0.0.0.0:8000 reuseport, 0.0.0.0:8443 ssl http2 reuseport
  port_maps: 80:8000, 443:8443
  # NOTE(review): Admin API on every interface over plain HTTP. Kong's Admin
  # API is unauthenticated by default, so anything that can reach port 8001
  # can reconfigure the gateway; restrict it with TLS and a NetworkPolicy, or
  # keep the loopback-only default shown in the rendered output.
  admin_listen: 0.0.0.0:8001
  status_listen: 0.0.0.0:8100
  nginx_worker_processes: 8
  admin_access_log: /dev/stdout
  admin_error_log: /dev/stderr
  proxy_error_log: /dev/stderr
  # NOTE(review): with proxy access logging off there is no per-request record
  # for incident investigation unless a logging plugin covers it.
  proxy_access_log: "off"
  log_level: warn
  nginx_http_client_body_buffer_size: 1m
  # Suppresses the response headers Kong injects, which avoids advertising
  # the gateway product and version.
  headers: "off"
  anonymous_reports: "off"
  nginx_http_reset_timedout_connection: "on"
  nginx_http_sendfile: "on"
  nginx_http_tcp_nopush: "on"
  nginx_http_tcp_nodelay: "on"
  nginx_events_worker_connections: 300000
  nginx_main_worker_rlimit_nofile: 800000
  upstream_keepalive_idle_timeout: 300
  upstream_keepalive_pool_size: 5000
  upstream_keepalive_max_requests: 20000
  nginx_http_keepalive_requests: 20000
  nginx_http_keepalive_timeout: 300

ingressController:
  enabled: true
  gatewayDiscovery:
    enabled: true
    adminApiService:
      name: kong-kong-admin
  env:
    kong_admin_init_retries: 5
    kong_admin_init_retry_delay: "20s"

deployment:
  kong:
    enabled: false

# # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
resources: 
  limits:
   memory: 2G
  requests:
   cpu: 2
   memory: 2G

# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: pool
              operator: In
              values:
                - some-pool

# Specify Kong proxy service configuration
proxy:
  # Enable creating a Kubernetes service for the proxy
  enabled: true
  type: LoadBalancer
  loadBalancerClass:
  # Override proxy Service name
  nameOverride: ""
  # To specify annotations or labels for the proxy service, add them to the respective
  # "annotations" or "labels" dictionaries below.
  annotations: {}
  labels:
    enable-metrics: "true"

  http:
    # Enable plaintext HTTP listen for the proxy
    enabled: true
    servicePort: 80
    containerPort: 8000
    # Set a nodePort which is available if service type is NodePort
    # nodePort: 32080
    # Additional listen parameters, e.g. "reuseport", "backlog=16384"
    parameters: 
      - reuseport

  tls:
    # Enable HTTPS listen for the proxy
    enabled: true
    servicePort: 443
    containerPort: 8443
    # Set a target port for the TLS port in proxy service
    # overrideServiceTargetPort: 8000
    # Set a nodePort which is available if service type is NodePort
    # nodePort: 32443
    # Additional listen parameters, e.g. "reuseport", "backlog=16384"
    parameters:
    - http2
    - reuseport

the expected result would be that the .env will be in the deployment container env, but for some reason it is not working, here is the deployment yaml:

# Source: kong/charts/kong/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kong-kong
  namespace:  kong
  labels:
    app.kubernetes.io/name: kong
    helm.sh/chart: kong-2.34.0
    app.kubernetes.io/instance: "kong"
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/version: "3.5"
    app.kubernetes.io/component: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: kong
      app.kubernetes.io/component: app
      app.kubernetes.io/instance: "kong"
  template:
    metadata:
      annotations:
        kuma.io/service-account-token-volume: kong-kong-token
        kuma.io/gateway: "enabled"
        traffic.sidecar.istio.io/includeInboundPorts: ""
      labels:
        app.kubernetes.io/name: kong
        helm.sh/chart: kong-2.34.0
        app.kubernetes.io/instance: "kong"
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/version: "3.5"
        app.kubernetes.io/component: app
        app: kong-kong
        version: "3.5"
    spec:
      serviceAccountName: kong-kong
      automountServiceAccountToken: false
      initContainers:
      - name: clear-stale-pid
        image: kong:3.5
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault
        resources:
          {}
        command:
        - "rm"
        - "-vrf"
        - "$KONG_PREFIX/pids"
        env:
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_GUI_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_GUI_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_LISTEN
          value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
        - name: KONG_CLUSTER_LISTEN
          value: "off"
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_KIC
          value: "on"
        - name: KONG_LUA_PACKAGE_PATH
          value: "/opt/?.lua;/opt/?/init.lua;;"
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_PLUGINS
          value: "bundled"
        - name: KONG_PORTAL_API_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PORTAL_API_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PORT_MAPS
          value: "80:8000, 443:8443"
        - name: KONG_PREFIX
          value: "/kong_prefix/"
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PROXY_LISTEN
          value: "0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
        - name: KONG_PROXY_STREAM_ACCESS_LOG
          value: "/dev/stdout basic"
        - name: KONG_PROXY_STREAM_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ROUTER_FLAVOR
          value: "traditional"
        - name: KONG_STATUS_ACCESS_LOG
          value: "off"
        - name: KONG_STATUS_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_STATUS_LISTEN
          value: "0.0.0.0:8100, [::]:8100"
        - name: KONG_STREAM_LISTEN
          value: "off"
        volumeMounts:
        - name: kong-kong-prefix-dir
          mountPath: /kong_prefix/
        - name: kong-kong-tmp
          mountPath: /tmp
      containers:
      # Kong Ingress Controller container (quoted from the original report).
      - name: ingress-controller
        # Hardened context: no privilege escalation, all capabilities dropped,
        # read-only root filesystem, non-root UID, default seccomp profile.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault
        # Bare key: parses as null (no extra arguments rendered).
        args:
        ports:
        - name: webhook
          containerPort: 8080
          protocol: TCP
        - name: cmetrics
          containerPort: 10255
          protocol: TCP
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
          value: "0.0.0.0:8080"
        - name: CONTROLLER_ELECTION_ID
          value: "kong-ingress-controller-leader-kong"
        - name: CONTROLLER_INGRESS_CLASS
          value: "kong"
        # NOTE(review): certificate verification is disabled for the
        # controller -> Admin API connection. With the localhost URL below the
        # traffic stays inside the pod; if the controller is pointed at an
        # Admin API in another pod, re-enable verification against a trusted
        # CA.
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: "true"
        - name: CONTROLLER_KONG_ADMIN_URL
          value: "https://localhost:8444"
        # NOTE(review): namespace "kong-adx" differs from metadata.namespace
        # ("kong") - possibly a redaction slip; confirm.
        - name: CONTROLLER_PUBLISH_SERVICE
          value: "kong-adx/kong-kong-proxy"
        # NOTE(review): floating tag with IfNotPresent; pin by digest for a
        # verifiable image.
        image: kong/kubernetes-ingress-controller:3.0
        imagePullPolicy: IfNotPresent
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        # NOTE(review): no requests or limits - the container is unbounded.
        resources:
          {}
        volumeMounts:
        - name: webhook-cert
          mountPath: /admission-webhook
          readOnly: true
        # The pod sets automountServiceAccountToken: false and mounts a
        # projected, expiring token read-only into this container only.
        - name: kong-kong-token
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
      - name: "proxy"
        image: kong:3.5
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault
        env:
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_GUI_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_GUI_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_LISTEN
          value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
        - name: KONG_CLUSTER_LISTEN
          value: "off"
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_KIC
          value: "on"
        - name: KONG_LUA_PACKAGE_PATH
          value: "/opt/?.lua;/opt/?/init.lua;;"
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_PLUGINS
          value: "bundled"
        - name: KONG_PORTAL_API_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PORTAL_API_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PORT_MAPS
          value: "80:8000, 443:8443"
        - name: KONG_PREFIX
          value: "/kong_prefix/"
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PROXY_LISTEN
          value: "0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
        - name: KONG_PROXY_STREAM_ACCESS_LOG
          value: "/dev/stdout basic"
        - name: KONG_PROXY_STREAM_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ROUTER_FLAVOR
          value: "traditional"
        - name: KONG_STATUS_ACCESS_LOG
          value: "off"
        - name: KONG_STATUS_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_STATUS_LISTEN
          value: "0.0.0.0:8100, [::]:8100"
        - name: KONG_STREAM_LISTEN
          value: "off"
        - name: KONG_NGINX_DAEMON
          value: "off"
        lifecycle:
          preStop:
            exec:
              command:
              - kong
              - quit
              - --wait=15
        ports:
        - name: proxy
          containerPort: 8000
          protocol: TCP
        - name: proxy-tls
          containerPort: 8443
          protocol: TCP
        - name: status
          containerPort: 8100
          protocol: TCP
        volumeMounts:
          - name: kong-kong-prefix-dir
            mountPath: /kong_prefix/
          - name: kong-kong-tmp
            mountPath: /tmp
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status/ready
            port: status
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: status
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          {}
      securityContext:
        {}
      terminationGracePeriodSeconds: 30
      volumes:
        - name: kong-kong-prefix-dir
          emptyDir:
            sizeLimit: 256Mi
        - name: kong-kong-tmp
          emptyDir:
            sizeLimit: 1Gi
        - name: kong-kong-token
          projected:
            sources:
            - serviceAccountToken:
                expirationSeconds: 3607
                path: token
            - configMap:
                items:
                - key: ca.crt
                  path: ca.crt
                name: kube-root-ca.crt
            - downwardAPI:
                items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
        - name: webhook-cert
          secret:
            secretName: kong-kong-validation-webhook-keypair

what am I missing here?

I had the same problem. How did you solve it?