This repository has been archived by the owner on Mar 27, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 134
/
Copy pathkong-control-plane-postgres.yaml
194 lines (194 loc) · 4.76 KB
/
kong-control-plane-postgres.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: kong
name: kong
labels:
app: kong
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
namespace: kong
name: kong
labels:
app: kong
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
namespace: kong
name: kong
labels:
app: kong
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kong
subjects:
- kind: ServiceAccount
namespace: kong
name: kong
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: kong
name: kong-control-plane
labels:
app: kong-control-plane
spec:
selector:
matchLabels:
app: kong-control-plane
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
annotations:
k8s.konghq.com/sidecar-inject: "false"
prometheus.io/port: "8001"
prometheus.io/scrape: "true"
labels:
app: kong-control-plane
spec:
serviceAccountName: kong
initContainers:
- name: wait-for-postgres
image: busybox:latest
imagePullPolicy: IfNotPresent
env:
- name: KONG_PG_PORT
value: "5432"
- name: KONG_PG_HOST
value: postgres.kong.svc
command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
- name: kong-migration-up
image: kong
imagePullPolicy: IfNotPresent
env:
- name: KONG_PG_PASSWORD
value: kong
- name: KONG_PG_HOST
value: postgres.kong.svc
- name: KONG_NGINX_WORKER_PROCESSES
value: "1"
command: [ "/bin/sh", "-c", "kong migrations up && kong migrations finish" ]
containers:
- name: kong-control-plane
image: kong
imagePullPolicy: IfNotPresent
env:
- name: KONG_PG_PASSWORD
value: kong
- name: KONG_PG_HOST
value: postgres.kong.svc
- name: KONG_LOG_LEVEL
value: notice
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8001,0.0.0.0:8444 ssl
- name: KONG_PROXY_LISTEN
value: 'off'
- name: KONG_ADMIN_SSL_CERT
value: /api-server-cert/tls.crt
- name: KONG_ADMIN_SSL_CERT_KEY
value: /api-server-cert/tls.key
- name: KONG_NGINX_WORKER_PROCESSES
value: "1"
volumeMounts:
- name: api-server-cert
mountPath: /api-server-cert
ports:
- name: admin-http
containerPort: 8001
- name: admin-https
containerPort: 8444
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: 8001
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /status
port: 8001
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
volumes:
- name: api-server-cert
secret:
secretName: kong-control-plane.kong.svc
---
apiVersion: v1
kind: Service
metadata:
namespace: kong
name: kong-control-plane
spec:
type: ClusterIP
ports:
- port: 8001
selector:
app: kong-control-plane
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: kong
name: kong-control-plane-bootstrap
labels:
app: kong-control-plane-bootstrap
spec:
template:
metadata:
name: kong-control-plane-bootstrap
labels:
app: kong-control-plane
spec:
initContainers:
- name: wait-for-postgres
image: busybox:latest
imagePullPolicy: IfNotPresent
env:
- name: KONG_PG_PORT
value: "5432"
- name: KONG_PG_HOST
value: postgres.kong.svc
command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
containers:
- name: kong-migration-boostrap
image: kong
imagePullPolicy: IfNotPresent
env:
- name: KONG_PG_PASSWORD
value: kong
- name: KONG_PG_HOST
value: postgres.kong.svc
- name: KONG_NGINX_WORKER_PROCESSES
value: "1"
command: [ "kong", "migrations", "bootstrap" ]
restartPolicy: OnFailure