Kong installation
Installing the Postgres database
The database can be installed either on the cluster or on a VM.
Creating the cluster keys
openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) \
-keyout ./cluster.key -out ./cluster.crt \
-days 1095 -subj "/CN=kong_clustering"
kubectl create secret tls kong-cluster-cert --cert=./cluster.crt --key=./cluster.key -n kong
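Added example (not part of the original guide): a pre-flight check to run on cluster.crt and cluster.key before they are loaded into the kong-cluster-cert Secret, or again when the certificate is rotated. It checks that the key matches the certificate, that the curve and CN are the ones requested by the openssl command above, and that enough validity remains; the function name check_cluster_cert and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide. check_cluster_cert and the
# 30-day default threshold are names/values chosen for this example.
# Usage: check_cluster_cert <cert.pem> <key.pem> [min_days_left]
check_cluster_cert() {
    cc_cert=$1; cc_key=$2; cc_days=${3:-30}; cc_rc=0

    # 1. The private key must be the one the certificate was issued for.
    cc_pub_cert=$(openssl x509 -in "$cc_cert" -noout -pubkey 2>/dev/null) || cc_pub_cert=""
    cc_pub_key=$(openssl pkey -in "$cc_key" -pubout 2>/dev/null) || cc_pub_key=""
    if [ -z "$cc_pub_cert" ] || [ "$cc_pub_cert" != "$cc_pub_key" ]; then
        echo "FAIL: $cc_key does not match $cc_cert" >&2; cc_rc=1
    fi

    # 2. Curve and subject must be what the generation command requested.
    cc_text=$(openssl x509 -in "$cc_cert" -noout -text 2>/dev/null) || cc_text=""
    if ! printf '%s\n' "$cc_text" | grep -q 'ASN1 OID: secp384r1'; then
        echo "FAIL: public key is not on secp384r1" >&2; cc_rc=1
    fi
    if ! printf '%s\n' "$cc_text" | grep -Eq 'Subject: *CN *= *kong_clustering *$'; then
        echo "FAIL: subject is not CN=kong_clustering" >&2; cc_rc=1
    fi

    # 3. Enough validity left (the guide issues the certificate for 1095 days).
    if ! openssl x509 -in "$cc_cert" -noout -checkend $((${cc_days} * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cc_cert expires within $cc_days days" >&2; cc_rc=1
    fi
    return "$cc_rc"
}

# Run directly: ./check.sh ./cluster.crt ./cluster.key
if [ "$#" -ge 2 ]; then
    check_cluster_cert "$@" && echo "OK: certificate and key are consistent"
    exit $?
fi
```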
Installing the control plane
With the database on a VM, this is the YAML to apply:
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kong
  name: kong
  labels:
    app: kong
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: kong
  name: kong
  labels:
    app: kong
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: kong
  name: kong
  labels:
    app: kong
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kong
subjects:
- kind: ServiceAccount
  namespace: kong
  name: kong
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: kong
  name: kong-control-plane
  labels:
    app: kong-control-plane
spec:
  selector:
    matchLabels:
      app: kong-control-plane
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        k8s.konghq.com/sidecar-inject: "false"
        prometheus.io/port: "8001"
        prometheus.io/scrape: "true"
      labels:
        app: kong-control-plane
    spec:
      serviceAccountName: kong
      initContainers:
      - name: kong-migration-up
        image: kong
        imagePullPolicy: IfNotPresent
        env:
        - name: KONG_DATABASE
          value: postgres
        # KONG_PG_USER, KONG_PG_PASSWORD and KONG_PG_HOST must match the Postgres instance on the VM
        - name: KONG_PG_USER
          value: toto
        - name: KONG_PG_PASSWORD
          value: toto
        - name: KONG_PG_HOST
          value: 111.11.111.111
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "1"
        command: [ "/bin/sh", "-c", "kong migrations up && kong migrations finish" ]
      volumes:
      # cluster certificate and key created in the previous step
      - name: tls-volumekong
        secret:
          secretName: kong-cluster-cert
      containers:
      - name: kong-control-plane
        volumeMounts:
        - name: tls-volumekong
          mountPath: /etc/secrets/kong-cluster-cert
        image: kong
        imagePullPolicy: IfNotPresent
        env:
        - name: KONG_ROLE
          value: control_plane
        - name: KONG_DATABASE
          value: postgres
        - name: KONG_PG_USER
          value: toto
        - name: KONG_PG_PASSWORD
          value: toto
        - name: KONG_PG_HOST
          value: 111.11.111.111
        - name: KONG_LOG_LEVEL
          value: notice
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        # Admin API: plain HTTP on all pod interfaces
        - name: KONG_ADMIN_LISTEN
          value: 0.0.0.0:8001
        # the control plane does not proxy traffic
        - name: KONG_PROXY_LISTEN
          value: 'off'
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "1"
        - name: KONG_CLUSTER_CERT
          value: /etc/secrets/kong-cluster-cert/tls.crt
        - name: KONG_CLUSTER_CERT_KEY
          value: /etc/secrets/kong-cluster-cert/tls.key
        ports:
        # 8005: cluster endpoint the data planes connect to
        - name: cluster-http
          containerPort: 8005
        - name: cluster-tele
          containerPort: 8006
        - name: admin-http
          containerPort: 8001
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8001
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8001
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
  namespace: kong
  name: kong-control-plane
spec:
  type: ClusterIP
  ports:
  - port: 8001
  selector:
    app: kong-control-plane
---
apiVersion: v1
kind: Service
metadata:
  namespace: kong
  name: kong-cluster-svc
spec:
  type: ClusterIP
  ports:
  - port: 8005
  selector:
    app: kong-control-plane
---
apiVersion: batch/v1
kind: Job
metadata:
  namespace: kong
  name: kong-control-plane-bootstrap
  labels:
    app: kong-control-plane-bootstrap
spec:
  template:
    metadata:
      name: kong-control-plane-bootstrap
      labels:
        app: kong-control-plane
    spec:
      containers:
      - name: kong-migration-boostrap
        image: kong
        imagePullPolicy: IfNotPresent
        env:
        - name: KONG_DATABASE
          value: postgres
        - name: KONG_PG_USER
          value: toto
        - name: KONG_PG_PASSWORD
          value: toto
        - name: KONG_PG_HOST
          value: 111.11.111.111
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "1"
        command: [ "kong", "migrations", "bootstrap" ]
      restartPolicy: OnFailure
Installing the data plane
Create the data plane with this YAML manifest:
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: kong
  name: kong-data-plane
  labels:
    app: kong-data-plane
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kong-data-plane
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        k8s.konghq.com/sidecar-inject: "false"
      labels:
        app: kong-data-plane
    spec:
      volumes:
      # same Secret as the control plane: both planes use the same certificate and key
      - name: tls-volumekong
        secret:
          secretName: kong-cluster-cert
      containers:
      - name: kong-data-plane
        volumeMounts:
        - name: tls-volumekong
          mountPath: /etc/secrets/kong-cluster-cert
        image: kong:latest
        imagePullPolicy: IfNotPresent
        env:
        - name: KONG_ROLE
          value: data_plane
        # no database on the data plane
        - name: KONG_DATABASE
          value: 'off'
        - name: KONG_PROXY_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        # address of the control plane cluster endpoint (port 8005)
        - name: KONG_CLUSTER_CONTROL_PLANE
          value: 10.49.47.118:8005
        - name: KONG_STATUS_LISTEN
          value: 0.0.0.0:8001
        - name: KONG_CLUSTER_CERT
          value: /etc/secrets/kong-cluster-cert/tls.crt
        - name: KONG_CLUSTER_CERT_KEY
          value: /etc/secrets/kong-cluster-cert/tls.key
        ports:
        - name: data-http
          containerPort: 8000
Useful links
Postgres variables: https://docs.konghq.com/gateway/latest/install/docker/
Data plane: https://github.com/Kong/kong-dist-kubernetes/blob/master/kong-ingress-data-plane-postgres.yaml
Control plane: https://github.com/Kong/kong-dist-kubernetes/blob/master/kong-control-plane-postgres.yaml