From 93a28f1d5a69b0c5a8820216892a2e34d8e43c47 Mon Sep 17 00:00:00 2001
From: Sujeet Agrahari
Date: Sun, 18 Feb 2024 07:45:44 +0530
Subject: [PATCH] feat: add kong configuration
---
README.md | 24 +-
kubernetes/deployment.yaml | 46 ---
kubernetes/kong/install.sh | 3 +
kubernetes/kong/quick-link-kong-route.yaml | 21 --
...-ingress.yaml => quick-links-ingress.yaml} | 15 +-
.../quickstart-enterprise-licensed-aio.yaml | 285 ------------------
quick-links-charts/values.yaml | 2 +-
7 files changed, 31 insertions(+), 365 deletions(-)
delete mode 100644 kubernetes/deployment.yaml
create mode 100644 kubernetes/kong/install.sh
delete mode 100644 kubernetes/kong/quick-link-kong-route.yaml
rename kubernetes/kong/{quick-link-ingress.yaml => quick-links-ingress.yaml} (57%)
delete mode 100644 kubernetes/kong/quickstart-enterprise-licensed-aio.yaml
diff --git a/README.md b/README.md
index 4af60f9..7d6f5ba 100644
--- a/README.md
+++ b/README.md
@@ -192,17 +192,37 @@ REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379 ### Setup Kubernetes Dashboard +#### Using Helm + +```sh +helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ +helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard + +``` + +Get the Kubernetes Dashboard URL by running: + +```sh + export POD_NAME=$(kubectl get pods -n kubernetes-dashboard -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=kubernetes-dashboard" -o jsonpath="{.items[0].metadata.name}") + echo https://127.0.0.1:8443/ + kubectl -n kubernetes-dashboard port-forward $POD_NAME 8443:8443 +``` + +#### Without Using Helm + - Create a service account + ```sh - kubectl apply -f ./kubernetes/service-accounts/k8s-dashboard.service-account.yaml + kubectl apply -f kubernetes/k8s-dashboard/k8s-dashboard.service-account.yaml ``` + - Create cluster-level role binding ```sh kubectl apply -f ./kubernetes/service-accounts/k8s-cluster-level.role-binding.yaml ``` We can also create a role-binding for a namespace ```sh - kubectl apply -f ./kubernetes/service-accounts/k8s-dashboard.role-binding.yaml + kubectl apply -f kubernetes/k8s-dashboard/k8s-dashboard.role-binding.yaml ``` - Generate access token for a service account diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml deleted file mode 100644 index 4590d4d..0000000 --- a/kubernetes/deployment.yaml +++ /dev/null 
@@ -1,46 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: quick-links-deployment
-spec:
- replicas: 2
- selector:
- matchLabels:
- app: quick-links
- template:
- metadata:
- labels:
- app: quick-links
- spec:
- containers:
- - name: quick-links
- image: quick-link-service:latest
- imagePullPolicy: Never
- env:
- - name: DB_HOST
- value: 'postgres-postgresql-ha-pgpool'
- - name: DB_USER
- value: 'postgres'
- - name: DB_PASSWORD
- value: 'password'
- - name: DB_NAME
- value: 'quicklink'
- - name: REDIS_HOST
- value: 'redis-master'
- - name: REDIS_PASSWORD
- value: 'Mx765t6kQe'
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: quick-links-service
-spec:
- selector:
- app: quick-links
- ports:
- - name: quick-links
- protocol: TCP
- port: 3000
- targetPort: 3000
- type: ClusterIP
diff --git a/kubernetes/kong/install.sh b/kubernetes/kong/install.sh
new file mode 100644
index 0000000..35366ad
--- /dev/null
+++ b/kubernetes/kong/install.sh
@@ -0,0 +1,3 @@
+helm install kong kong/kong --set admin.useTLS=false,admin.enabled=true,admin.http.enabled=true
+
+# remove namesapce
\ No newline at end of file
diff --git a/kubernetes/kong/quick-link-kong-route.yaml b/kubernetes/kong/quick-link-kong-route.yaml
deleted file mode 100644
index e421374..0000000
--- a/kubernetes/kong/quick-link-kong-route.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: configuration.konghq.com/v1
-kind: KongService
-metadata:
- name: quick-links-kong-service
-upstream_url: http://quick-links-service:3000
-
----
-apiVersion: configuration.konghq.com/v1
-kind: KongRoute
-metadata:
- name: quick-link-route
-spec:
- hosts:
- - example.com
- methods:
- - GET
- paths:
- - /quick-links
- protocols:
- - http
- service: quick-links-kong-service
diff --git a/kubernetes/kong/quick-link-ingress.yaml b/kubernetes/kong/quick-links-ingress.yaml
similarity index 57%
rename from kubernetes/kong/quick-link-ingress.yaml
rename to kubernetes/kong/quick-links-ingress.yaml
index b291b81..7d18802 100644
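Review bot: The flags `--set admin.useTLS=false,admin.enabled=true,admin.http.enabled=true` in kubernetes/kong/install.sh enable Kong's Admin API over plaintext HTTP, and nothing in this commit limits who can reach it. The open-source gateway's Admin API has no authentication of its own by default, so any client that can reach the service can rewrite routes and plugins. Outside a throwaway local cluster, drop `admin.useTLS=false` and `admin.http.enabled=true`, or at least set `admin.type=ClusterIP` and reach it through `kubectl port-forward`; the chart's default service type should be confirmed. The script also installs whichever `kong/kong` chart version is current and assumes the repo was already added, so a `helm repo add kong https://charts.konghq.com` line plus `--version <CHART_VERSION>` would make the install reproducible. A leading comment such as `# local development only: Admin API is plain HTTP without auth` would record the intent, and the `namesapce` typo in the existing comment should be fixed.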
--- a/kubernetes/kong/quick-link-ingress.yaml +++ b/kubernetes/kong/quick-links-ingress.yaml @@ -1,19 +1,14 @@ apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: kong -spec: - controller: ingress-controllers.konghq.com/kong ---- -apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: quick-links-ingress annotations: - kubernetes.io/ingress.class: kong + kubernetes.io/ingress.class: 'kong' + konghq.com/strip-path: 'true' spec: rules: - - http: + - host: localhost + http: paths: - path: /quick-links pathType: Prefix @@ -21,4 +16,4 @@ spec: service: name: quick-links-service port: - name: quick-links + number: 3000 diff --git a/kubernetes/kong/quickstart-enterprise-licensed-aio.yaml b/kubernetes/kong/quickstart-enterprise-licensed-aio.yaml deleted file mode 100644 index 7723080..0000000 --- a/kubernetes/kong/quickstart-enterprise-licensed-aio.yaml +++ /dev/null 
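Review bot: The Ingress in the first hunk still selects Kong through the `kubernetes.io/ingress.class: 'kong'` annotation, which Kubernetes has deprecated in favour of `spec.ingressClassName: kong`. Because the same hunk deletes the IngressClass object, the class presumably now comes from the Helm install, and that dependency is not written down anywhere in the file. The rule is also pinned to `host: localhost` with no `tls:` section, so the route is plain HTTP and matches only requests carrying that Host header; if the manifest is meant for anything beyond a dev cluster, the host should be made configurable and TLS added. A comment above the rule would make this explicit, for example `# dev only: plain HTTP on localhost; IngressClass "kong" is expected from the kong Helm chart`.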
@@ -1,285 +0,0 @@ -admin: - annotations: - konghq.com/protocol: https - enabled: true - http: - enabled: false - ingress: - annotations: - konghq.com/https-redirect-status-code: '301' - konghq.com/protocols: https - konghq.com/strip-path: 'true' - kubernetes.io/ingress.class: default - nginx.ingress.kubernetes.io/app-root: / - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/permanent-redirect-code: '301' - enabled: true - hostname: kong.127-0-0-1.nip.io - path: /api - tls: quickstart-kong-admin-cert - tls: - containerPort: 8444 - enabled: true - parameters: - - http2 - servicePort: 8444 - type: ClusterIP -affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - dataplane - topologyKey: kubernetes.io/hostname - weight: 100 -certificates: - enabled: true - issuer: quickstart-kong-selfsigned-issuer - cluster: - enabled: true - admin: - enabled: true - commonName: kong.127-0-0-1.nip.io - portal: - enabled: true - commonName: developer.127-0-0-1.nip.io - proxy: - enabled: true - commonName: 127-0-0-1.nip.io - dnsNames: - - '*.127-0-0-1.nip.io' -cluster: - enabled: true - labels: - konghq.com/service: cluster - tls: - containerPort: 8005 - enabled: true - servicePort: 8005 - type: ClusterIP -clustertelemetry: - enabled: true - tls: - containerPort: 8006 - enabled: true - servicePort: 8006 - type: ClusterIP -deployment: - kong: - daemonset: false - enabled: true -enterprise: - enabled: true - license_secret: kong-enterprise-license - portal: - enabled: true - rbac: - admin_api_auth: basic-auth - admin_gui_auth_conf_secret: kong-config-secret - enabled: true - session_conf_secret: kong-config-secret - smtp: - enabled: false - vitals: - enabled: true -env: - admin_access_log: /dev/stdout - admin_api_uri: https://kong.127-0-0-1.nip.io/api - admin_error_log: /dev/stdout - admin_gui_access_log: 
/dev/stdout - admin_gui_error_log: /dev/stdout - admin_gui_host: kong.127-0-0-1.nip.io - admin_gui_protocol: https - admin_gui_url: https://kong.127-0-0-1.nip.io/ - cluster_data_plane_purge_delay: 60 - cluster_listen: 0.0.0.0:8005 - cluster_telemetry_listen: 0.0.0.0:8006 - database: postgres - log_level: debug - lua_package_path: /opt/?.lua;; - nginx_worker_processes: '2' - password: - valueFrom: - secretKeyRef: - key: kong_admin_password - name: kong-config-secret - pg_database: kong - pg_host: - valueFrom: - secretKeyRef: - key: pg_host - name: kong-config-secret - pg_ssl: 'off' - pg_ssl_verify: 'off' - pg_user: kong - plugins: bundled,openid-connect - portal: true - portal_api_access_log: /dev/stdout - portal_api_error_log: /dev/stdout - portal_api_url: https://developer.127-0-0-1.nip.io/api - portal_auth: basic-auth - portal_cors_origins: '*' - portal_gui_access_log: /dev/stdout - portal_gui_error_log: /dev/stdout - portal_gui_host: developer.127-0-0-1.nip.io - portal_gui_protocol: https - portal_gui_url: https://developer.127-0-0-1.nip.io/ - portal_session_conf: - valueFrom: - secretKeyRef: - key: portal_session_conf - name: kong-config-secret - prefix: /kong_prefix/ - proxy_access_log: /dev/stdout - proxy_error_log: /dev/stdout - proxy_stream_access_log: /dev/stdout - proxy_stream_error_log: /dev/stdout - smtp_mock: 'on' - status_listen: 0.0.0.0:8100 - trusted_ips: 0.0.0.0/0,::/0 - vitals: true -extraLabels: - konghq.com/component: quickstart -image: - repository: kong/kong-gateway - tag: '3.1' -ingressController: - enabled: true - env: - kong_admin_filter_tag: ingress_controller_default - kong_admin_tls_skip_verify: true - kong_admin_token: - valueFrom: - secretKeyRef: - key: password - name: kong-config-secret - kong_admin_url: https://localhost:8444 - kong_workspace: default - publish_service: kong/quickstart-kong-proxy - image: - repository: docker.io/kong/kubernetes-ingress-controller - tag: '2.8' - ingressClass: default - installCRDs: false -manager: - 
annotations: - konghq.com/protocol: https - enabled: true - http: - containerPort: 8002 - enabled: false - servicePort: 8002 - ingress: - annotations: - konghq.com/https-redirect-status-code: '301' - kubernetes.io/ingress.class: default - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - enabled: true - hostname: kong.127-0-0-1.nip.io - path: / - tls: quickstart-kong-admin-cert - tls: - containerPort: 8445 - enabled: true - parameters: - - http2 - servicePort: 8445 - type: ClusterIP -migrations: - enabled: true - postUpgrade: true - preUpgrade: true -namespace: kong -podAnnotations: - kuma.io/gateway: enabled -portal: - annotations: - konghq.com/protocol: https - enabled: true - http: - containerPort: 8003 - enabled: false - servicePort: 8003 - ingress: - annotations: - konghq.com/https-redirect-status-code: '301' - konghq.com/protocols: https - konghq.com/strip-path: 'false' - kubernetes.io/ingress.class: default - enabled: true - hostname: developer.127-0-0-1.nip.io - path: / - tls: quickstart-kong-portal-cert - tls: - containerPort: 8446 - enabled: true - parameters: - - http2 - servicePort: 8446 - type: ClusterIP -portalapi: - annotations: - konghq.com/protocol: https - enabled: true - http: - enabled: false - ingress: - annotations: - konghq.com/https-redirect-status-code: '301' - konghq.com/protocols: https - konghq.com/strip-path: 'true' - kubernetes.io/ingress.class: default - nginx.ingress.kubernetes.io/app-root: / - enabled: true - hostname: developer.127-0-0-1.nip.io - path: /api - tls: quickstart-kong-portal-cert - tls: - containerPort: 8447 - enabled: true - parameters: - - http2 - servicePort: 8447 - type: ClusterIP -postgresql: - enabled: true - auth: - database: kong - username: kong -proxy: - annotations: - prometheus.io/port: '9542' - prometheus.io/scrape: 'true' - enabled: true - http: - containerPort: 8080 - enabled: true - hostPort: 80 - ingress: - enabled: false - labels: - enable-metrics: true - tls: - containerPort: 8443 - enabled: true 
- hostPort: 443 - type: LoadBalancer -replicaCount: 1 -secretVolumes: [] -status: - enabled: true - http: - containerPort: 8100 - enabled: true - tls: - containerPort: 8543 - enabled: false -updateStrategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 100% - type: RollingUpdate diff --git a/quick-links-charts/values.yaml b/quick-links-charts/values.yaml index 74082f4..d1f500b 100644 --- a/quick-links-charts/values.yaml +++ b/quick-links-charts/values.yaml @@ -5,7 +5,7 @@ deployment: replicaCount: 2 image: repository: quick-links - tag: prod + tag: dev pullPolicy: Never env: DB_HOST: 'postgres-postgresql-ha-pgpool'