├── .github └── ISSUE_TEMPLATE.md ├── .gitignore ├── .travis.yml ├── Makefile ├── README.md ├── cassandra-service.yaml ├── cassandra-statefulset.yaml ├── cluster.jinja ├── cluster.jinja.schema ├── cluster.yaml ├── declarative.yaml ├── ee-trial ├── README.md ├── kong_trial_migration_postgres.yaml └── kong_trial_postgres.yaml ├── kong-control-plane-cassandra.yaml ├── kong-control-plane-postgres.yaml ├── kong-dbless.yaml ├── kong-ingress-data-plane-cassandra.yaml ├── kong-ingress-data-plane-postgres.yaml ├── kong-namespace.yaml ├── postgres.yaml ├── run_tests.sh ├── setup_certificate.sh └── setup_sidecar_injector.sh /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | NOTE: GitHub issues are reserved for **bug reports only**. For anything else, 2 | please join the conversation in Kong Nation https://discuss.konghq.com/. 3 | 4 | Please read the README.md guidelines to learn on which channels you can 5 | seek for help and ask general questions: 6 | 7 | https://github.com/Kong/kong-dist-kubernetes/blob/master/README.md 8 | 9 | ### Summary 10 | 11 | SUMMARY_GOES_HERE 12 | 13 | ### Steps To Reproduce 14 | 15 | 1. 16 | 2. 17 | 3. 18 | 4. 
19 | 20 | ### Additional Details & Logs 21 | 22 | - Kong version (`$ kong version`) 23 | - Kong debug-level startup logs (`$ kong start --vv`) 24 | - Kong error logs (`/logs/error.log`) 25 | - Kong configuration (the output of a GET request to Kong's Admin port - see 26 | https://getkong.org/docs/latest/admin-api/#endpoint) 27 | - Operating system 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.tgz 2 | kong-build-tools 3 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | dist: xenial 2 | sudo: false 3 | 4 | language: generic 5 | 6 | env: 7 | matrix: 8 | - K8S_VERSION=v1.16.3 KONG_TEST_DATABASE=postgres 9 | - K8S_VERSION=v1.16.3 KONG_TEST_DATABASE=cassandra 10 | - K8S_VERSION=v1.15.6 KONG_TEST_DATABASE=postgres 11 | - K8S_VERSION=v1.15.6 KONG_TEST_DATABASE=cassandra 12 | - K8S_VERSION=v1.14.9 KONG_TEST_DATABASE=postgres 13 | - K8S_VERSION=v1.13.10 KONG_TEST_DATABASE=postgres 14 | - K8S_VERSION=v1.12.9 KONG_TEST_DATABASE=postgres 15 | - K8S_VERSION=v1.11.10 KONG_TEST_DATABASE=postgres 16 | matrix: 17 | allow_failures: 18 | - env: K8S_VERSION=v1.15.6 KONG_TEST_DATABASE=cassandra 19 | - env: K8S_VERSION=v1.16.3 KONG_TEST_DATABASE=cassandra 20 | 21 | 22 | install: 23 | - make setup-kong-build-tools 24 | - pushd kong-build-tools && make setup-ci && make setup-tests && popd 25 | 26 | script: 27 | - make test 28 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | KONG_BUILD_TOOLS?=2.0.6 2 | KONG_TEST_DATABASE?=postgres 3 | 4 | setup-kong-build-tools: 5 | -rm -rf kong-build-tools; \ 6 | git clone https://github.com/Kong/kong-build-tools.git; fi 7 | cd kong-build-tools; \ 8 | git reset 
--hard ${KONG_BUILD_TOOLS}; \ 9 | 10 | test: 11 | ./run_tests.sh 12 | 13 | k8s_setup: 14 | kubectl apply -f kong-namespace.yaml 15 | -./setup_certificate.sh 16 | 17 | run_dbless: k8s_setup 18 | -kubectl create configmap kongdeclarative -n kong --from-file=declarative.yaml 19 | kubectl create configmap kongdeclarative -n kong --from-file=declarative.yaml -o yaml --dry-run | kubectl replace -n kong -f - 20 | kubectl apply -f kong-dbless.yaml 21 | kubectl patch deployment kong-dbless -n kong -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"declarative\":\"`md5sum declarative.yaml | awk '{ print $$1 }'`\"}}}}}}" 22 | 23 | run_cassandra: k8s_setup 24 | kubectl apply -f cassandra-service.yaml 25 | kubectl apply -f cassandra-statefulset.yaml 26 | kubectl -n kong apply -f kong-control-plane-cassandra.yaml 27 | kubectl -n kong apply -f kong-ingress-data-plane-cassandra.yaml 28 | 29 | run_postgres: k8s_setup 30 | kubectl -n kong apply -f postgres.yaml 31 | kubectl -n kong apply -f kong-control-plane-postgres.yaml 32 | kubectl -n kong apply -f kong-ingress-data-plane-postgres.yaml 33 | 34 | cleanup: 35 | -kubectl -n kong delete -f cassandra-service.yaml 36 | -kubectl -n kong delete -f cassandra-statefulset.yaml 37 | -kubectl -n kong delete -f postgres.yaml 38 | -kubectl -n kong delete -f kong-control-plane-cassandra.yaml 39 | -kubectl -n kong delete -f kong-control-plane-postgres.yaml 40 | -kubectl -n kong delete -f kong-ingress-data-plane-cassandra.yaml 41 | -kubectl -n kong delete -f kong-ingress-data-plane-postgres.yaml 42 | -kubectl -n kong delete -f kong-dbless.yaml 43 | -kubectl -n kong delete configmap kongdeclarative 44 | -kubectl certificate approve kong-control-plane.kong.svc 45 | -kubectl delete csr kong-control-plane.kong.svc 46 | kubectl delete -f kong-namespace.yaml -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DEPRECATED 
2 | 3 | This repository has been deprecated. 4 | Please use the docs for 5 | [Kong for Kubernetes](https://docs.konghq.com/1.4.x/kong-for-kubernetes/) 6 | for installation and configuration of Kong on Kubernetes. 7 | 8 | # [KONG][website-url] :heavy_plus_sign: [Kubernetes Deployment](http://kubernetes.io/) 9 | 10 | [![Website][website-badge]][website-url] 11 | [![Documentation][documentation-badge]][documentation-url] 12 | [![Discussion][discussion-badge]][discussion-url] 13 | 14 | [![][kong-logo]][website-url] 15 | 16 | Kong or Kong Enterprise can easily be provisioned 17 | on a Kubernetes cluster - see [Kong on Kubernetes](https://docs.konghq.com/install/kubernetes) for all the details. 18 | 19 | ## Important Note 20 | 21 | When deploying into a Kubernetes cluster with Deployment Manager, it is 22 | important to be aware that deleting a `ReplicationController` Kubernetes object 23 | **does not delete its underlying pods**, and it is your responsibility to 24 | manage the destruction of these resources when deleting or updating a 25 | `ReplicationController` in your configuration. 26 | 27 | ## Kong Enterprise 28 | 29 | Kong Enterprise is our powerful offering for larger organizations in need of security, monitoring, 30 | compliance, developer onboarding, higher performance, granular access and a dashboard to manage 31 | Kong easily. Learn more at https://konghq.com/kong-enterprise/. 
32 | 33 | ## Usage 34 | 35 | Assuming the prerequisite of access to a k8s cluster via kubectl 36 | 37 | ``` 38 | make run_<postgres|cassandra|dbless> 39 | ``` 40 | 41 | Expose the admin api 42 | ``` 43 | kubectl port-forward -n kong svc/kong-control-plane 8001:8001 44 | curl localhost:8001 45 | ``` 46 | 47 | Access the proxy 48 | ``` 49 | export HOST=$(kubectl get nodes --namespace default -o jsonpath='{.items[0].status.addresses[0].address}') 50 | export PROXY_PORT=$(kubectl get svc --namespace kong kong-ingress-data-plane -o jsonpath='{.spec.ports[0].nodePort}') 51 | curl $HOST:$PROXY_PORT 52 | ``` 53 | 54 | Cleanup 55 | ``` 56 | make cleanup 57 | ``` 58 | 59 | ## Usage 60 | 61 | Assuming the prerequisite of access to a k8s cluster via kubectl 62 | 63 | ``` 64 | make run_<postgres|cassandra|dbless> 65 | ``` 66 | 67 | Expose the admin api 68 | ``` 69 | kubectl port-forward -n kong svc/kong-control-plane 8001:8001 & 70 | curl localhost:8001 71 | ``` 72 | 73 | Access the proxy 74 | ``` 75 | export HOST=$(kubectl get nodes --namespace default -o jsonpath='{.items[0].status.addresses[0].address}') 76 | export PROXY_PORT=$(kubectl get svc --namespace kong kong-ingress-data-plane -o jsonpath='{.spec.ports[0].nodePort}') 77 | curl $HOST:$PROXY_PORT 78 | ``` 79 | 80 | If using dbless/declarative, the `declarative.yaml` file is mounted as a config 81 | map onto the Kong containers. We use the md5sum of the `declarative.yaml` file to 82 | update the deployment, but per [Facilitate ConfigMap rollouts / management](https://github.com/kubernetes/kubernetes/issues/22368), for production setups 83 | it might be best to use helm, kustomize or [reloader](https://github.com/stakater/reloader). 
84 | 85 | Cleanup 86 | ``` 87 | make cleanup 88 | ``` 89 | 90 | [kong-logo]: https://konghq.com/wp-content/uploads/2017/10/kong-cover@2x-1.png 91 | [website-url]: https://konghq.com/ 92 | [website-badge]: https://img.shields.io/badge/GETKong.org-Learn%20More-43bf58.svg 93 | [documentation-url]: https://docs.konghq.com/ 94 | [documentation-badge]: https://img.shields.io/badge/Documentation-Read%20Online-green.svg 95 | [discussion-badge]: https://img.shields.io/badge/Discuss-Join%20Kong%20Nation-blue.svg 96 | [discussion-url]: https://discuss.konghq.com/ 97 | -------------------------------------------------------------------------------- /cassandra-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: cassandra 6 | name: cassandra 7 | spec: 8 | clusterIP: None 9 | ports: 10 | - port: 9042 11 | selector: 12 | app: cassandra 13 | -------------------------------------------------------------------------------- /cassandra-statefulset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: cassandra 5 | labels: 6 | app: cassandra 7 | spec: 8 | serviceName: cassandra 9 | replicas: 2 10 | selector: 11 | matchLabels: 12 | app: cassandra 13 | template: 14 | metadata: 15 | labels: 16 | app: cassandra 17 | spec: 18 | terminationGracePeriodSeconds: 1800 19 | containers: 20 | - name: cassandra 21 | image: gcr.io/google-samples/cassandra:v13 22 | imagePullPolicy: Always 23 | ports: 24 | - containerPort: 7000 25 | name: intra-node 26 | - containerPort: 7001 27 | name: tls-intra-node 28 | - containerPort: 7199 29 | name: jmx 30 | - containerPort: 9042 31 | name: cql 32 | resources: 33 | limits: 34 | cpu: "500m" 35 | memory: 1Gi 36 | requests: 37 | cpu: "500m" 38 | memory: 1Gi 39 | securityContext: 40 | capabilities: 41 | add: 42 | - IPC_LOCK 43 | lifecycle: 44 | preStop: 
45 | exec: 46 | command: 47 | - /bin/sh 48 | - -c 49 | - nodetool drain 50 | env: 51 | - name: MAX_HEAP_SIZE 52 | value: 512M 53 | - name: HEAP_NEWSIZE 54 | value: 100M 55 | - name: CASSANDRA_SEEDS 56 | value: "cassandra-0.cassandra.default.svc.cluster.local" 57 | - name: CASSANDRA_CLUSTER_NAME 58 | value: "K8Demo" 59 | - name: CASSANDRA_DC 60 | value: "DC1-K8Demo" 61 | - name: CASSANDRA_RACK 62 | value: "Rack1-K8Demo" 63 | - name: POD_IP 64 | valueFrom: 65 | fieldRef: 66 | fieldPath: status.podIP 67 | readinessProbe: 68 | exec: 69 | command: 70 | - /bin/bash 71 | - -c 72 | - /ready-probe.sh 73 | initialDelaySeconds: 15 74 | timeoutSeconds: 5 75 | # These volume mounts are persistent. They are like inline claims, 76 | # but not exactly because the names need to match exactly one of 77 | # the stateful pod volumes. 78 | volumeMounts: 79 | - name: cassandra-data 80 | mountPath: /cassandra_data 81 | # These are converted to volume claims by the controller 82 | # and mounted at the paths mentioned above. 
83 | # do not use these in production until ssd GCEPersistentDisk or other ssd pd 84 | volumeClaimTemplates: 85 | - metadata: 86 | name: cassandra-data 87 | spec: 88 | accessModes: [ "ReadWriteOnce" ] 89 | resources: 90 | requests: 91 | storage: 1Gi 92 | --- 93 | kind: StorageClass 94 | apiVersion: storage.k8s.io/v1 95 | metadata: 96 | name: fast 97 | provisioner: k8s.io/minikube-hostpath 98 | parameters: 99 | type: pd-ssd 100 | -------------------------------------------------------------------------------- /cluster.jinja: -------------------------------------------------------------------------------- 1 | {% set CLUSTER_NAME = env['name'] %} 2 | {% set TYPE_NAME = CLUSTER_NAME + '-type' %} 3 | 4 | resources: 5 | - name: {{ CLUSTER_NAME }} 6 | type: container.v1.cluster 7 | properties: 8 | zone: {{ properties['zone'] }} 9 | cluster: 10 | name: {{ CLUSTER_NAME }} 11 | initialNodeCount: {{ properties['numNodes'] }} 12 | nodeConfig: 13 | machine_type: {{ properties['machineType'] }} 14 | oauthScopes: 15 | - https://www.googleapis.com/auth/compute 16 | - https://www.googleapis.com/auth/devstorage.read_only 17 | - https://www.googleapis.com/auth/logging.write 18 | - https://www.googleapis.com/auth/monitoring 19 | masterAuth: 20 | username: {{ properties['username'] }} 21 | password: {{ properties['password'] }} 22 | -------------------------------------------------------------------------------- /cluster.jinja.schema: -------------------------------------------------------------------------------- 1 | info: 2 | title: Kong cluster 3 | description: | 4 | Creates a GKE cluster and associated type for use in DM. The type can be 5 | used in other DM configurations in the following manner: 6 | 7 | "type: :/api/v1/namespaces/{namespace}/services" 8 | 9 | required: 10 | - zone 11 | - username 12 | - password 13 | 14 | properties: 15 | zone: 16 | type: string 17 | description: Zone in which the cluster should run. 
18 | default: us-east1-b 19 | machineType: 20 | type: string 21 | description: Type of GCE instance to use. 22 | default: n1-standard-2 23 | numNodes: 24 | type: integer 25 | description: Number of nodes desired in the cluster. 26 | default: 3 27 | username: 28 | type: string 29 | description: Basic auth username for interacting with the Kubernetes API. 30 | password: 31 | type: string 32 | description: Basic auth password for interacting with the Kubernetes API. 33 | -------------------------------------------------------------------------------- /cluster.yaml: -------------------------------------------------------------------------------- 1 | imports: 2 | - path: cluster.jinja 3 | 4 | resources: 5 | - name: kong-cluster 6 | type: cluster.jinja 7 | properties: 8 | zone: us-east1-b 9 | username: admin 10 | password: password12345 11 | machineType: n1-standard-2 12 | numNodes: 2 13 | -------------------------------------------------------------------------------- /declarative.yaml: -------------------------------------------------------------------------------- 1 | _format_version: "1.1" 2 | 3 | services: 4 | - name: my-service 5 | url: https://example.com 6 | plugins: 7 | - name: key-auth 8 | routes: 9 | - name: my-route 10 | paths: 11 | - / 12 | 13 | consumers: 14 | - username: my-user 15 | keyauth_credentials: 16 | - key: my-key 17 | -------------------------------------------------------------------------------- /ee-trial/README.md: -------------------------------------------------------------------------------- 1 | These deployment YAML files are adapted for use with Kong Enterprise Edition (EE) trials. 
2 | 3 | See more details at https://getkong.org/install/kubernetes/ 4 | -------------------------------------------------------------------------------- /ee-trial/kong_trial_migration_postgres.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: kong-migration 5 | spec: 6 | template: 7 | metadata: 8 | name: kong-migration 9 | spec: 10 | containers: 11 | - name: kong-migration 12 | image: kong-ee 13 | env: 14 | - name: KONG_NGINX_DAEMON 15 | value: 'off' 16 | - name: KONG_PG_PASSWORD 17 | value: kong 18 | - name: KONG_PG_HOST 19 | value: postgres.default.svc.cluster.local 20 | - name: KONG_LICENSE_DATA 21 | value: 'YOUR_LICENSE_HERE' 22 | command: [ "/bin/sh", "-c", "kong migrations up" ] 23 | restartPolicy: Never 24 | -------------------------------------------------------------------------------- /ee-trial/kong_trial_postgres.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kong-proxy 5 | spec: 6 | type: LoadBalancer 7 | loadBalancerSourceRanges: 8 | - 0.0.0.0/0 9 | ports: 10 | - name: kong-proxy 11 | port: 8000 12 | targetPort: 8000 13 | protocol: TCP 14 | selector: 15 | app: kong 16 | 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: kong-proxy-ssl 22 | spec: 23 | type: LoadBalancer 24 | loadBalancerSourceRanges: 25 | - 0.0.0.0/0 26 | ports: 27 | - name: kong-proxy-ssl 28 | port: 8443 29 | targetPort: 8443 30 | protocol: TCP 31 | selector: 32 | app: kong 33 | 34 | --- 35 | apiVersion: v1 36 | kind: Service 37 | metadata: 38 | name: kong-admin 39 | spec: 40 | type: LoadBalancer 41 | loadBalancerSourceRanges: 42 | - 0.0.0.0/0 43 | ports: 44 | - name: kong-admin 45 | port: 8001 46 | targetPort: 8001 47 | protocol: TCP 48 | - name: kong-admin-gui 49 | port: 8002 50 | targetPort: 8002 51 | protocol: TCP 52 | selector: 53 | app: kong 54 | 55 | --- 56 | 
apiVersion: v1 57 | kind: Service 58 | metadata: 59 | name: kong-admin-ssl 60 | spec: 61 | type: LoadBalancer 62 | loadBalancerSourceRanges: 63 | - 0.0.0.0/0 64 | ports: 65 | - name: kong-admin-ssl 66 | port: 8444 67 | targetPort: 8444 68 | protocol: TCP 69 | - name: kong-admin-gui-ssl 70 | port: 8445 71 | targetPort: 8445 72 | protocol: TCP 73 | selector: 74 | app: kong 75 | 76 | --- 77 | apiVersion: v1 78 | kind: Service 79 | metadata: 80 | name: kong-dev-portal 81 | spec: 82 | type: LoadBalancer 83 | loadBalancerSourceRanges: 84 | - 0.0.0.0/0 85 | ports: 86 | - name: kong-dev-portal 87 | port: 8003 88 | targetPort: 8003 89 | protocol: TCP 90 | selector: 91 | app: kong 92 | 93 | --- 94 | apiVersion: apps/v1 95 | kind: Deployment 96 | metadata: 97 | name: kong-rc 98 | spec: 99 | replicas: 3 100 | template: 101 | metadata: 102 | labels: 103 | name: kong-rc 104 | app: kong 105 | spec: 106 | containers: 107 | - name: kong 108 | image: kong-ee 109 | env: 110 | - name: KONG_ADMIN_LISTEN 111 | value: 0.0.0.0:8001 112 | - name: KONG_ADMIN_LISTEN_SSL 113 | value: 0.0.0.0:8444 114 | - name: KONG_PG_PASSWORD 115 | value: kong 116 | - name: KONG_PG_HOST 117 | value: postgres 118 | - name: KONG_PROXY_ACCESS_LOG 119 | value: "/dev/stdout" 120 | - name: KONG_ADMIN_ACCESS_LOG 121 | value: "/dev/stdout" 122 | - name: KONG_PROXY_ERROR_LOG 123 | value: "/dev/stderr" 124 | - name: KONG_ADMIN_ERROR_LOG 125 | value: "/dev/stderr" 126 | - name: KONG_VITALS 127 | value: "on" 128 | - name: KONG_PORTAL 129 | value: "on" 130 | - name: KONG_PORTAL_GUI_URI 131 | value: 0.0.0.0:8003 132 | - name: KONG_LICENSE_DATA 133 | value: 'YOUR_LICENSE_HERE' 134 | ports: 135 | - name: admin 136 | containerPort: 8001 137 | containerPort: 8002 138 | protocol: TCP 139 | - name: dev-portal 140 | containerPort: 8003 141 | protocol: TCP 142 | - name: proxy 143 | containerPort: 8000 144 | protocol: TCP 145 | - name: proxy-ssl 146 | containerPort: 8443 147 | protocol: TCP 148 | - name: admin-ssl 149 | 
containerPort: 8444 150 | containerPort: 8445 151 | protocol: TCP 152 | -------------------------------------------------------------------------------- /kong-control-plane-cassandra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | namespace: kong 5 | name: kong 6 | labels: 7 | app: kong 8 | --- 9 | apiVersion: rbac.authorization.k8s.io/v1beta1 10 | kind: Role 11 | metadata: 12 | namespace: kong 13 | name: kong 14 | labels: 15 | app: kong 16 | rules: 17 | - apiGroups: 18 | - "" 19 | resources: 20 | - secrets 21 | verbs: 22 | - get 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1beta1 25 | kind: RoleBinding 26 | metadata: 27 | namespace: kong 28 | name: kong 29 | labels: 30 | app: kong 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: Role 34 | name: kong 35 | subjects: 36 | - kind: ServiceAccount 37 | namespace: kong 38 | name: kong 39 | --- 40 | apiVersion: apps/v1 41 | kind: Deployment 42 | metadata: 43 | namespace: kong 44 | name: kong-control-plane 45 | labels: 46 | app: kong-control-plane 47 | spec: 48 | selector: 49 | matchLabels: 50 | app: kong-control-plane 51 | strategy: 52 | rollingUpdate: 53 | maxSurge: 1 54 | maxUnavailable: 0 55 | type: RollingUpdate 56 | template: 57 | metadata: 58 | annotations: 59 | k8s.konghq.com/sidecar-inject: "false" 60 | prometheus.io/port: "8001" 61 | prometheus.io/scrape: "true" 62 | labels: 63 | app: kong-control-plane 64 | spec: 65 | serviceAccountName: kong 66 | initContainers: 67 | - name: kong-migration 68 | image: kong 69 | imagePullPolicy: IfNotPresent 70 | env: 71 | - name: KONG_DATABASE 72 | value: cassandra 73 | - name: KONG_CASSANDRA_CONTACT_POINTS 74 | value: cassandra.default.svc 75 | - name: KONG_CASSANDRA_KEYSPACE 76 | value: kong 77 | - name: KONG_NGINX_WORKER_PROCESSES 78 | value: "1" 79 | command: [ "kong", "migrations", "bootstrap" ] 80 | - name: kong-migration-up 81 | image: kong 82 | 
imagePullPolicy: IfNotPresent 83 | env: 84 | - name: KONG_PG_PASSWORD 85 | value: kong 86 | - name: KONG_PG_HOST 87 | value: postgres.kong.svc 88 | command: [ "kong", "migrations", "up" ] 89 | containers: 90 | - name: kong-control-plane 91 | image: kong 92 | imagePullPolicy: IfNotPresent 93 | env: 94 | - name: KONG_DATABASE 95 | value: cassandra 96 | - name: KONG_CASSANDRA_CONTACT_POINTS 97 | value: cassandra.default.svc 98 | - name: KONG_CASSANDRA_KEYSPACE 99 | value: kong 100 | - name: KONG_LOG_LEVEL 101 | value: notice 102 | - name: KONG_ADMIN_ACCESS_LOG 103 | value: /dev/stdout 104 | - name: KONG_PROXY_ERROR_LOG 105 | value: /dev/stderr 106 | - name: KONG_ADMIN_ERROR_LOG 107 | value: /dev/stderr 108 | - name: KONG_ADMIN_LISTEN 109 | value: 0.0.0.0:8001,0.0.0.0:8444 ssl 110 | - name: KONG_PROXY_LISTEN 111 | value: 'off' 112 | - name: KONG_ADMIN_SSL_CERT 113 | value: /api-server-cert/tls.crt 114 | - name: KONG_ADMIN_SSL_CERT_KEY 115 | value: /api-server-cert/tls.key 116 | - name: KONG_NGINX_WORKER_PROCESSES 117 | value: "1" 118 | volumeMounts: 119 | - name: api-server-cert 120 | mountPath: /api-server-cert 121 | ports: 122 | - name: admin-http 123 | containerPort: 8001 124 | - name: admin-https 125 | containerPort: 8444 126 | livenessProbe: 127 | failureThreshold: 3 128 | httpGet: 129 | path: /status 130 | port: 8001 131 | scheme: HTTP 132 | initialDelaySeconds: 30 133 | periodSeconds: 10 134 | successThreshold: 1 135 | timeoutSeconds: 1 136 | readinessProbe: 137 | failureThreshold: 3 138 | httpGet: 139 | path: /status 140 | port: 8001 141 | scheme: HTTP 142 | periodSeconds: 10 143 | successThreshold: 1 144 | timeoutSeconds: 1 145 | volumes: 146 | - name: api-server-cert 147 | secret: 148 | secretName: kong-control-plane.kong.svc 149 | --- 150 | apiVersion: v1 151 | kind: Service 152 | metadata: 153 | namespace: kong 154 | name: kong-control-plane 155 | spec: 156 | type: ClusterIP 157 | ports: 158 | - port: 8001 159 | selector: 160 | app: kong-control-plane 161 | 
162 | -------------------------------------------------------------------------------- /kong-control-plane-postgres.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | namespace: kong 5 | name: kong 6 | labels: 7 | app: kong 8 | --- 9 | apiVersion: rbac.authorization.k8s.io/v1beta1 10 | kind: Role 11 | metadata: 12 | namespace: kong 13 | name: kong 14 | labels: 15 | app: kong 16 | rules: 17 | - apiGroups: 18 | - "" 19 | resources: 20 | - secrets 21 | verbs: 22 | - get 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1beta1 25 | kind: RoleBinding 26 | metadata: 27 | namespace: kong 28 | name: kong 29 | labels: 30 | app: kong 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: Role 34 | name: kong 35 | subjects: 36 | - kind: ServiceAccount 37 | namespace: kong 38 | name: kong 39 | --- 40 | apiVersion: apps/v1 41 | kind: Deployment 42 | metadata: 43 | namespace: kong 44 | name: kong-control-plane 45 | labels: 46 | app: kong-control-plane 47 | spec: 48 | selector: 49 | matchLabels: 50 | app: kong-control-plane 51 | strategy: 52 | rollingUpdate: 53 | maxSurge: 1 54 | maxUnavailable: 0 55 | type: RollingUpdate 56 | template: 57 | metadata: 58 | annotations: 59 | k8s.konghq.com/sidecar-inject: "false" 60 | prometheus.io/port: "8001" 61 | prometheus.io/scrape: "true" 62 | labels: 63 | app: kong-control-plane 64 | spec: 65 | serviceAccountName: kong 66 | initContainers: 67 | - name: wait-for-postgres 68 | image: busybox:latest 69 | imagePullPolicy: IfNotPresent 70 | env: 71 | - name: KONG_PG_PORT 72 | value: "5432" 73 | - name: KONG_PG_HOST 74 | value: postgres.kong.svc 75 | command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] 76 | - name: kong-migration-up 77 | image: kong 78 | imagePullPolicy: IfNotPresent 79 | env: 80 | - name: KONG_PG_PASSWORD 81 | value: kong 82 | - name: KONG_PG_HOST 83 | 
value: postgres.kong.svc 84 | - name: KONG_NGINX_WORKER_PROCESSES 85 | value: "1" 86 | command: [ "/bin/sh", "-c", "kong migrations up && kong migrations finish" ] 87 | containers: 88 | - name: kong-control-plane 89 | image: kong 90 | imagePullPolicy: IfNotPresent 91 | env: 92 | - name: KONG_PG_PASSWORD 93 | value: kong 94 | - name: KONG_PG_HOST 95 | value: postgres.kong.svc 96 | - name: KONG_LOG_LEVEL 97 | value: notice 98 | - name: KONG_ADMIN_ACCESS_LOG 99 | value: /dev/stdout 100 | - name: KONG_PROXY_ERROR_LOG 101 | value: /dev/stderr 102 | - name: KONG_ADMIN_ERROR_LOG 103 | value: /dev/stderr 104 | - name: KONG_ADMIN_LISTEN 105 | value: 0.0.0.0:8001,0.0.0.0:8444 ssl 106 | - name: KONG_PROXY_LISTEN 107 | value: 'off' 108 | - name: KONG_ADMIN_SSL_CERT 109 | value: /api-server-cert/tls.crt 110 | - name: KONG_ADMIN_SSL_CERT_KEY 111 | value: /api-server-cert/tls.key 112 | - name: KONG_NGINX_WORKER_PROCESSES 113 | value: "1" 114 | volumeMounts: 115 | - name: api-server-cert 116 | mountPath: /api-server-cert 117 | ports: 118 | - name: admin-http 119 | containerPort: 8001 120 | - name: admin-https 121 | containerPort: 8444 122 | livenessProbe: 123 | failureThreshold: 3 124 | httpGet: 125 | path: /status 126 | port: 8001 127 | scheme: HTTP 128 | initialDelaySeconds: 30 129 | periodSeconds: 10 130 | successThreshold: 1 131 | timeoutSeconds: 1 132 | readinessProbe: 133 | failureThreshold: 3 134 | httpGet: 135 | path: /status 136 | port: 8001 137 | scheme: HTTP 138 | periodSeconds: 10 139 | successThreshold: 1 140 | timeoutSeconds: 1 141 | volumes: 142 | - name: api-server-cert 143 | secret: 144 | secretName: kong-control-plane.kong.svc 145 | --- 146 | apiVersion: v1 147 | kind: Service 148 | metadata: 149 | namespace: kong 150 | name: kong-control-plane 151 | spec: 152 | type: ClusterIP 153 | ports: 154 | - port: 8001 155 | selector: 156 | app: kong-control-plane 157 | --- 158 | apiVersion: batch/v1 159 | kind: Job 160 | metadata: 161 | namespace: kong 162 | name: 
kong-control-plane-bootstrap 163 | labels: 164 | app: kong-control-plane-bootstrap 165 | spec: 166 | template: 167 | metadata: 168 | name: kong-control-plane-bootstrap 169 | labels: 170 | app: kong-control-plane 171 | spec: 172 | initContainers: 173 | - name: wait-for-postgres 174 | image: busybox:latest 175 | imagePullPolicy: IfNotPresent 176 | env: 177 | - name: KONG_PG_PORT 178 | value: "5432" 179 | - name: KONG_PG_HOST 180 | value: postgres.kong.svc 181 | command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] 182 | containers: 183 | - name: kong-migration-boostrap 184 | image: kong 185 | imagePullPolicy: IfNotPresent 186 | env: 187 | - name: KONG_PG_PASSWORD 188 | value: kong 189 | - name: KONG_PG_HOST 190 | value: postgres.kong.svc 191 | - name: KONG_NGINX_WORKER_PROCESSES 192 | value: "1" 193 | command: [ "kong", "migrations", "bootstrap" ] 194 | restartPolicy: OnFailure 195 | -------------------------------------------------------------------------------- /kong-dbless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: kong 5 | name: kong-dbless 6 | labels: 7 | app: kong-dbless 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: kong-dbless 12 | strategy: 13 | rollingUpdate: 14 | maxSurge: 1 15 | maxUnavailable: 0 16 | type: RollingUpdate 17 | template: 18 | metadata: 19 | labels: 20 | app: kong-dbless 21 | spec: 22 | containers: 23 | - name: hupit 24 | image: hbagdi/hupit:v0.1.0 25 | command: [ "hupit", "--file", "/kong", "--command", "curl -v http://localhost:8001/config -F 'config=@/kong/declarative.yaml'"] 26 | livenessProbe: 27 | failureThreshold: 3 28 | httpGet: 29 | path: /health 30 | port: 8042 31 | readinessProbe: 32 | failureThreshold: 3 33 | httpGet: 34 | path: /health 35 | port: 8042 36 | volumeMounts: 37 | - name: kongdeclarative 38 | mountPath: /kong 39 | - name: kong-dbless 
40 | image: kong 41 | imagePullPolicy: IfNotPresent 42 | env: 43 | - name: KONG_DATABASE 44 | value: 'off' 45 | - name: KONG_NGINX_WORKER_PROCESSES 46 | value: "1" 47 | - name: KONG_LOG_LEVEL 48 | value: notice 49 | - name: KONG_ADMIN_ACCESS_LOG 50 | value: /dev/stdout 51 | - name: KONG_PROXY_ERROR_LOG 52 | value: /dev/stderr 53 | - name: KONG_ADMIN_ERROR_LOG 54 | value: /dev/stderr 55 | - name: KONG_ADMIN_LISTEN 56 | value: '127.0.0.1:8001' 57 | - name: KONG_PROXY_LISTEN 58 | value: 0.0.0.0:8000,0.0.0.0:8443 ssl 59 | - name: KONG_DECLARATIVE_CONFIG 60 | value: /kong/declarative.yaml 61 | volumeMounts: 62 | - name: kongdeclarative 63 | mountPath: /kong 64 | ports: 65 | - name: data-http 66 | containerPort: 8000 67 | - name: data-https 68 | containerPort: 8443 69 | readinessProbe: 70 | tcpSocket: 71 | port: 8000 72 | initialDelaySeconds: 5 73 | periodSeconds: 10 74 | livenessProbe: 75 | tcpSocket: 76 | port: 8000 77 | initialDelaySeconds: 15 78 | periodSeconds: 20 79 | volumes: 80 | - name: kongdeclarative 81 | configMap: 82 | name: kongdeclarative 83 | --- 84 | apiVersion: v1 85 | kind: Service 86 | metadata: 87 | namespace: kong 88 | name: kong-dbless 89 | spec: 90 | type: NodePort 91 | ports: 92 | - name: kong-proxy-http 93 | port: 8000 94 | targetPort: 8000 95 | protocol: TCP 96 | - name: kong-proxy-https 97 | port: 8443 98 | targetPort: 8443 99 | protocol: TCP 100 | selector: 101 | app: kong-dbless 102 | -------------------------------------------------------------------------------- /kong-ingress-data-plane-cassandra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: kong 5 | name: kong-ingress-data-plane 6 | labels: 7 | app: kong-ingress-data-plane 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: kong-ingress-data-plane 12 | strategy: 13 | rollingUpdate: 14 | maxSurge: 1 15 | maxUnavailable: 0 16 | type: RollingUpdate 17 | template: 18 | metadata: 
19 | annotations: 20 | k8s.konghq.com/sidecar-inject: "false" 21 | labels: 22 | app: kong-ingress-data-plane 23 | spec: 24 | containers: 25 | - name: kong-ingress-data-plane 26 | image: kong 27 | imagePullPolicy: IfNotPresent 28 | env: 29 | - name: KONG_DATABASE 30 | value: cassandra 31 | - name: KONG_CASSANDRA_CONTACT_POINTS 32 | value: cassandra.default.svc 33 | - name: KONG_CASSANDRA_KEYSPACE 34 | value: kong 35 | - name: KONG_LOG_LEVEL 36 | value: notice 37 | - name: KONG_ADMIN_ACCESS_LOG 38 | value: /dev/stdout 39 | - name: KONG_PROXY_ERROR_LOG 40 | value: /dev/stderr 41 | - name: KONG_ADMIN_ERROR_LOG 42 | value: /dev/stderr 43 | - name: KONG_ADMIN_LISTEN 44 | value: 'off' 45 | - name: KONG_PROXY_LISTEN 46 | value: 0.0.0.0:8000,0.0.0.0:8443 ssl 47 | - name: KONG_NGINX_WORKER_PROCESSES 48 | value: "1" 49 | ports: 50 | - name: data-http 51 | containerPort: 8000 52 | - name: data-https 53 | containerPort: 8443 54 | readinessProbe: 55 | tcpSocket: 56 | port: 8000 57 | initialDelaySeconds: 5 58 | periodSeconds: 10 59 | livenessProbe: 60 | tcpSocket: 61 | port: 8000 62 | initialDelaySeconds: 15 63 | periodSeconds: 20 64 | 65 | --- 66 | apiVersion: v1 67 | kind: Service 68 | metadata: 69 | namespace: kong 70 | name: kong-ingress-data-plane 71 | spec: 72 | type: NodePort 73 | ports: 74 | - name: kong-proxy-http 75 | port: 8000 76 | targetPort: 8000 77 | protocol: TCP 78 | - name: kong-proxy-https 79 | port: 8443 80 | targetPort: 8443 81 | protocol: TCP 82 | selector: 83 | app: kong-ingress-data-plane 84 |
--------------------------------------------------------------------------------
/kong-ingress-data-plane-postgres.yaml:
--------------------------------------------------------------------------------
# Kong data-plane Deployment backed by the Postgres service in the "kong"
# namespace. The pods serve proxy traffic only: KONG_ADMIN_LISTEN is 'off'.
#
# NOTE(review): neither container sets a securityContext or resource
# requests/limits, so both run with the image and cluster defaults.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: kong
  name: kong-ingress-data-plane
  labels:
    app: kong-ingress-data-plane
spec:
  selector:
    matchLabels:
      app: kong-ingress-data-plane
  strategy:
    # maxSurge 1 / maxUnavailable 0: a replacement pod must become ready
    # before an old pod is taken down.
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Presumably opts these pods out of the sidecar injector installed by
        # setup_sidecar_injector.sh -- confirm against that script.
        k8s.konghq.com/sidecar-inject: "false"
      labels:
        app: kong-ingress-data-plane
    spec:
      initContainers:
      # Holds back the Kong container until a TCP connection to
      # KONG_PG_HOST:KONG_PG_PORT succeeds. This only shows that the port
      # accepts connections, not that the database schema is ready.
      - name: wait-for-postgres
        # NOTE(review): floating tag. Together with IfNotPresent, each node
        # keeps whatever "latest" it pulled first; pin a tag or digest so the
        # image that runs is the image that was reviewed.
        image: busybox:latest
        imagePullPolicy: IfNotPresent
        env:
        - name: KONG_PG_PORT
          value: "5432"
        - name: KONG_PG_HOST
          value: postgres.kong.svc
        command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
      containers:
      - name: kong-ingress-data-plane
        # NOTE(review): no tag, so this resolves to "latest"; same pinning
        # concern as the init container above.
        image: kong
        imagePullPolicy: IfNotPresent
        env:
          # NOTE(review): database credential in plain text in the manifest,
          # identical to POSTGRES_PASSWORD in postgres.yaml. Acceptable for a
          # throwaway test cluster only; otherwise read it from a Secret via
          # valueFrom.secretKeyRef.
          - name: KONG_PG_PASSWORD
            value: kong
          - name: KONG_PG_HOST
            value: postgres.kong.svc
          - name: KONG_LOG_LEVEL
            value: notice
          # Logs go to the container's stdout/stderr.
          - name: KONG_ADMIN_ACCESS_LOG
            value: /dev/stdout
          - name: KONG_PROXY_ERROR_LOG
            value: /dev/stderr
          - name: KONG_ADMIN_ERROR_LOG
            value: /dev/stderr
          # Admin API listener disabled on the data plane.
          - name: KONG_ADMIN_LISTEN
            value: 'off'
          # Plain HTTP on 8000 and TLS on 8443, bound to all interfaces.
          - name: KONG_PROXY_LISTEN
            value: 0.0.0.0:8000,0.0.0.0:8443 ssl
          - name: KONG_NGINX_WORKER_PROCESSES
            value: "1"
        ports:
        - name: data-http
          containerPort: 8000
        - name: data-https
          containerPort: 8443
        # Both probes are bare TCP connects to the HTTP proxy port; they do
        # not send a request through Kong.
        readinessProbe:
          tcpSocket:
            port: 8000
          initialDelaySeconds: 5
          periodSeconds: 10
        livenessProbe:
          tcpSocket:
            port: 8000
          initialDelaySeconds: 15
          periodSeconds: 20

---
# Exposes the proxy ports of the data-plane pods. With type NodePort and no
# explicit nodePort, the cluster assigns a port that is opened on every node;
# run_tests.sh reads it back from .spec.ports[0].nodePort.
# NOTE(review): outside a test cluster, limit who can reach the node ports
# (firewall / NetworkPolicy) or front the proxy with a load balancer.
apiVersion: v1
kind: Service
metadata:
  namespace: kong
  name: kong-ingress-data-plane
spec:
  type: NodePort
  ports:
  - name: kong-proxy-http
    port: 8000
    targetPort: 8000
    protocol: TCP
  - name: kong-proxy-https
    port: 8443
    targetPort: 8443
    protocol: TCP
  selector:
    app: kong-ingress-data-plane

--------------------------------------------------------------------------------
/kong-namespace.yaml:
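--------------------------------------------------------------------------------
# Namespace that holds every Kong object in this repository.
# The label presumably tells the sidecar injector's webhook to skip this
# namespace -- confirm against setup_sidecar_injector.sh.
apiVersion: v1
kind: Namespace
metadata:
  name: kong
  labels:
    kong-sidecar-injection: disabled
--------------------------------------------------------------------------------
/postgres.yaml:
--------------------------------------------------------------------------------
# In-cluster Service for the test database. No `type` is given, so it is a
# ClusterIP service reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: kong
spec:
  ports:
  - name: pgql
    port: 5432
    targetPort: 5432
    protocol: TCP
  selector:
    app: postgres

---
# Single-replica PostgreSQL for tests and demos.
# NOTE(review): ReplicationController is the legacy controller; a StatefulSet
# with a PersistentVolumeClaim is the usual shape for a database.
apiVersion: v1
kind: ReplicationController
metadata:
  name: postgres
  namespace: kong
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          # NOTE(review): PostgreSQL 9.6 is past upstream end-of-life and no
          # longer receives security fixes.
          image: postgres:9.6
          env:
            # NOTE(review): user, password and database are all the literal
            # "kong", stored in plain text. Any workload that can reach
            # postgres.kong.svc:5432 can log in with them. Test use only;
            # otherwise take the password from a Secret.
            - name: POSTGRES_USER
              value: kong
            - name: POSTGRES_PASSWORD
              value: kong
            - name: POSTGRES_DB
              value: kong
            # Data directory is a subdirectory of the mounted volume.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          ports:
            - containerPort: 5432
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: pg-data
      volumes:
        # emptyDir: the data is deleted when the pod is removed from its node.
        - name: pg-data
          emptyDir: {}

--------------------------------------------------------------------------------
/run_tests.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Deploys Kong into the local "kind" cluster, waits for it to become ready and
# runs the kong-build-tools test suite against it.
#
# Required environment:
#   KONG_TEST_DATABASE  suffix of the make target to run (run_<value>);
#                       .travis.yml uses "postgres" and "cassandra".
#
# pipefail is deliberately not enabled: the pipelines below end in awk/grep
# stages that may stop reading early or report "no match".

set -eu

readonly MAX_ATTEMPTS=30
readonly POLL_SECONDS=10

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# True when every line of `kubectl get pod --all-namespaces` except the header
# mentions Running or Completed (the header is the one remaining line).
#######################################
all_pods_settled() {
  local pending
  pending=$(kubectl get pod --all-namespaces \
    | grep -v Running \
    | grep -vc Completed) || true
  [[ "$pending" == 1 ]]
}

#######################################
# True when column 4 of the table printed for the deployment is 1.
# Arguments: $1 - deployment name in namespace kong
# NOTE(review): the meaning of column 4 depends on the table layout of the
# kubectl in use; -o jsonpath='{.status.availableReplicas}' would not.
#######################################
deployment_available() {
  local name=$1
  local column
  column=$(kubectl get deployment "$name" -n kong \
    | tail -n +2 \
    | awk '{print $4}')
  [[ "$column" == 1 ]]
}

#######################################
# Polls a check every POLL_SECONDS and exits 1 once it has failed more than
# MAX_ATTEMPTS times.
# Arguments: $1 - progress message; $2... - command to run as the check
#######################################
wait_until() {
  local message=$1
  shift
  local attempt=0
  until "$@"; do
    attempt=$((attempt + 1))
    if ((attempt > MAX_ATTEMPTS)); then
      printf 'timed out: %s\n' "$message" >&2
      exit 1
    fi
    echo "$message"
    kubectl get pod --all-namespaces -o wide
    sleep "$POLL_SECONDS"
  done
}

# The value becomes part of a make target name, so reject anything that is not
# a plain word before using it.
: "${KONG_TEST_DATABASE:?KONG_TEST_DATABASE must be set}"
[[ "$KONG_TEST_DATABASE" =~ ^[A-Za-z0-9_-]+$ ]] \
  || die "invalid KONG_TEST_DATABASE: $KONG_TEST_DATABASE"

# Assign first, export second, so a failing `kind` stops the script under -e.
KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
export KUBECONFIG

wait_until "waiting for K8s to be ready" all_pods_settled

make "run_${KONG_TEST_DATABASE}"
sleep 10

wait_until "waiting for Kong control plane to be ready" \
  deployment_available kong-control-plane
wait_until "waiting for Kong data plane to be ready" \
  deployment_available kong-ingress-data-plane
wait_until "something is still not ready" all_pods_settled

# First Running pod in namespace kong whose listing line mentions "kong".
kong_pod=$(kubectl get pods -n kong | awk '/Running/ && /kong/ { print $1; exit }')
[[ -n "$kong_pod" ]] || die "no Running kong pod found in namespace kong"

# No -it: the script is not interactive, and a TTY would add carriage returns
# to the captured version string.
KONG_VERSION=$(kubectl exec -n kong "$kong_pod" -- kong version | tr -d '[:space:]')

# Forward the control plane's Admin API to local port 8001 for the test run,
# and stop the forward again on every exit path so it does not outlive the
# tests.
# NOTE(review): nothing waits for the forward to be established before the
# tests start.
kubectl port-forward -n kong deployment/kong-control-plane 8001 &
port_forward_pid=$!
trap 'kill "$port_forward_pid" 2>/dev/null || true' EXIT

HOST="$(kubectl get nodes --namespace kong -o jsonpath='{.items[0].status.addresses[0].address}')"
[[ -n "$HOST" ]] || die "could not determine a node address"
echo "$HOST"
PROXY_PORT=$(kubectl get svc --namespace kong kong-ingress-data-plane -o jsonpath='{.spec.ports[0].nodePort}')
[[ -n "$PROXY_PORT" ]] || die "could not determine the proxy node port"
echo "$PROXY_PORT"

pushd kong-build-tools
TEST_ADMIN_URI=http://localhost:8001 \
  TEST_PROXY_URI="http://${HOST}:${PROXY_PORT}" \
  KONG_VERSION="$KONG_VERSION" \
  make -f Makefile run_tests
popd

--------------------------------------------------------------------------------
/setup_certificate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eufo pipefail 4 | 5 | cd $(mktemp -d) 6 | 7 | ### Create a key+certificate for the control plane 8 | cat <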