Soit l'installation est sur le cluster ou sur une VM<\/p>\n
openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) \\\n-keyout .\/cluster.key -out .\/cluster.crt \\\n-days 1095 -subj "\/CN=kong_clustering"\n\nkubectl create secret tls kong-cluster-cert --cert=.\/cluster.crt --key=.\/cluster.key -n kong<\/code><\/pre>\nInstallation du controle Plane<\/h3>\n
En choisissant la base sur une VM voici le yaml qu'il faut appliquer <\/p>\n
apiVersion: v1\nkind: ServiceAccount\nmetadata:\n namespace: kong\n name: kong\n labels:\n app: kong\n---\napiVersion: rbac.authorization.k8s.io\/v1\nkind: Role\nmetadata:\n namespace: kong\n name: kong\n labels:\n app: kong\nrules:\n - apiGroups:\n - ""\n resources:\n - secrets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io\/v1\nkind: RoleBinding\nmetadata:\n namespace: kong\n name: kong\n labels:\n app: kong\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: kong\nsubjects:\n - kind: ServiceAccount\n namespace: kong\n name: kong\n---\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n namespace: kong\n name: kong-control-plane\n labels:\n app: kong-control-plane\nspec:\n selector:\n matchLabels:\n app: kong-control-plane\n strategy:\n rollingUpdate:\n maxSurge: 1\n maxUnavailable: 0\n type: RollingUpdate\n template:\n metadata:\n annotations:\n k8s.konghq.com\/sidecar-inject: "false"\n prometheus.io\/port: "8001"\n prometheus.io\/scrape: "true"\n labels:\n app: kong-control-plane\n spec:\n serviceAccountName: kong\n initContainers:\n - name: kong-migration-up\n image: kong\n imagePullPolicy: IfNotPresent\n env:\n - name: KONG_DATABASE\n value: postgres\n - name: KONG_PG_USER\n value: toto\n - name: KONG_PG_PASSWORD\n value: toto\n - name: KONG_PG_HOST\n value: 111.11.111.111\n - name: KONG_NGINX_WORKER_PROCESSES\n value: "1"\n command: [ "\/bin\/sh", "-c", "kong migrations up && kong migrations finish" ]\n volumes:\n - name: tls-volumekong\n secret:\n secretName: kong-cluster-cert\n containers:\n - name: kong-control-plane\n volumeMounts:\n - name: tls-volumekong\n mountPath: \/etc\/secrets\/kong-cluster-cert\n image: kong\n imagePullPolicy: IfNotPresent\n env:\n - name: KONG_ROLE\n value: control_plane\n - name: KONG_DATABASE\n value: postgres\n - name: KONG_PG_USER\n value: toto\n - name: KONG_PG_PASSWORD\n value: toto\n - name: KONG_PG_HOST\n value: 111.11.111.111\n - name: KONG_LOG_LEVEL\n value: notice\n - name: KONG_ADMIN_ACCESS_LOG\n value: \/dev\/stdout\n - name: KONG_PROXY_ERROR_LOG\n value: \/dev\/stderr\n - name: KONG_ADMIN_ERROR_LOG\n value: \/dev\/stderr\n - name: KONG_ADMIN_LISTEN\n value: 0.0.0.0:8001\n - name: KONG_PROXY_LISTEN\n value: 'off'\n - name: KONG_NGINX_WORKER_PROCESSES\n value: "1"\n - name: KONG_CLUSTER_CERT\n value: \/etc\/secrets\/kong-cluster-cert\/tls.crt\n - name: KONG_CLUSTER_CERT_KEY\n value: \/etc\/secrets\/kong-cluster-cert\/tls.key\n ports:\n - name: cluster-http\n containerPort: 8005\n - name: cluster-tele\n containerPort: 8006\n - name: admin-http\n containerPort: 8001\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: \/status\n port: 8001\n scheme: HTTP\n initialDelaySeconds: 30\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n readinessProbe:\n failureThreshold: 3\n httpGet:\n path: \/status\n port: 8001\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n---\napiVersion: v1\nkind: Service\nmetadata:\n namespace: kong\n name: kong-control-plane\nspec:\n type: ClusterIP\n ports:\n - port: 8001\n selector:\n app: kong-control-plane\n---\napiVersion: v1\nkind: Service\nmetadata:\n namespace: kong\n name: kong-cluster-svc\nspec:\n type: ClusterIP\n ports:\n - port: 8005\n selector:\n app: kong-control-plane\n---\napiVersion: batch\/v1\nkind: Job\nmetadata:\n namespace: kong\n name: kong-control-plane-bootstrap\n labels:\n app: kong-control-plane-bootstrap\nspec:\n template:\n metadata:\n name: kong-control-plane-bootstrap\n labels:\n app: kong-control-plane\n spec:\n containers:\n - name: kong-migration-boostrap\n image: kong\n imagePullPolicy: IfNotPresent\n env:\n - name: KONG_DATABASE\n value: postgres\n - name: KONG_PG_USER\n value: toto\n - name: KONG_PG_PASSWORD\n value: toto\n - name: KONG_PG_HOST\n value: 111.11.111.111\n - name: KONG_NGINX_WORKER_PROCESSES\n value: "1"\n command: [ "kong", "migrations", "bootstrap" ]\n restartPolicy: OnFailure<\/code><\/pre>\nInstalltation du dataPlane<\/h3>\n
Create dataplane with this script yaml<\/p>\n
apiVersion: apps\/v1\nkind: Deployment\nmetadata:\n namespace: kong\n name: kong-data-plane\n labels:\n app: kong-data-plane\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: kong-data-plane\n strategy:\n rollingUpdate:\n maxSurge: 1\n maxUnavailable: 0\n type: RollingUpdate\n template:\n metadata:\n annotations:\n k8s.konghq.com\/sidecar-inject: "false"\n labels:\n app: kong-data-plane\n spec:\n volumes:\n - name: tls-volumekong\n secret:\n secretName: kong-cluster-cert\n containers:\n - name: kong-data-plane\n volumeMounts:\n - name: tls-volumekong\n mountPath: \/etc\/secrets\/kong-cluster-cert\n image: kong:latest\n imagePullPolicy: IfNotPresent\n env:\n - name: KONG_ROLE\n value: data_plane\n - name: KONG_DATABASE\n value: 'off'\n - name: KONG_PROXY_ACCESS_LOG\n value: \/dev\/stdout\n - name: KONG_PROXY_ERROR_LOG\n value: \/dev\/stderr\n - name: KONG_CLUSTER_CONTROL_PLANE\n value: 10.49.47.118:8005\n - name: KONG_STATUS_LISTEN\n value: 0.0.0.0:8001\n - name: KONG_CLUSTER_CERT\n value: \/etc\/secrets\/kong-cluster-cert\/tls.crt\n - name: KONG_CLUSTER_CERT_KEY\n value: \/etc\/secrets\/kong-cluster-cert\/tls.key\n ports:\n - name: data-http\n containerPort: 8000<\/code><\/pre>\nLiens utils<\/h3>\n
Vars Postgres : https:\/\/docs.konghq.com\/gateway\/latest\/install\/docker\/<\/a>
\nDataplane : https:\/\/github.com\/Kong\/kong-dist-kubernetes\/blob\/master\/kong-ingress-data-plane-postgres.yaml<\/a><\/p>\n