Adding open-appsec-kong helm chart to repo based on kong 2.16.1

2025-09-29 11:16:30 +03:00 · 2023-05-02 14:30:33 +03:00
parent 2c750513a1
commit 240f58217a
132 changed files with 17727 additions and 0 deletions
--- a/build_system/charts/open-appsec-kong/ci/custom-labels.yaml
+++ b/build_system/charts/open-appsec-kong/ci/custom-labels.yaml
@@ -0,0 +1,6 @@
+
+# install chart with some extra labels
+
+extraLabels:
+  acme.com/some-key: some-value
+
--- a/build_system/charts/open-appsec-kong/ci/default-values.yaml
+++ b/build_system/charts/open-appsec-kong/ci/default-values.yaml
@@ -0,0 +1,9 @@
+# install chart with default values
+proxy:
+  type: NodePort
+
+env:
+  anonymous_reports: "off"
+ingressController:
+  env:
+    anonymous_reports: "false"
--- a/build_system/charts/open-appsec-kong/ci/service-account.yaml
+++ b/build_system/charts/open-appsec-kong/ci/service-account.yaml
@@ -0,0 +1,11 @@
+
+# install chart with a service account
+deployment:
+  serviceAccount:
+    create: true
+    name: "my-kong-sa"
+    annotations: {}
+
+ingressController:
+  serviceAccount:
+    create: false
--- a/build_system/charts/open-appsec-kong/ci/single-image-default.yaml
+++ b/build_system/charts/open-appsec-kong/ci/single-image-default.yaml
@@ -0,0 +1,15 @@
+# install chart with default values
+# use single image strings instead of repository/tag
+
+image:
+  unifiedRepoTag: kong:2.6
+proxy:
+  type: NodePort
+
+env:
+  anonymous_reports: "off"
+ingressController:
+  env:
+    anonymous_reports: "false"
+  image:
+    unifiedRepoTag: kong/kubernetes-ingress-controller:2.0.2
--- a/build_system/charts/open-appsec-kong/ci/test1-values.yaml
+++ b/build_system/charts/open-appsec-kong/ci/test1-values.yaml
@@ -0,0 +1,74 @@
+# This tests the following unrelated aspects of Ingress Controller
+# - HPA enabled
+autoscaling:
+  enabled: true
+  args:
+    - --alsologtostderr
+# - ingressController deploys without a database (default)
+ingressController:
+  enabled: true
+# - webhook is enabled and deploys
+  admissionWebhook:
+    enabled: true
+# - environment variables can be injected into ingress controller container
+  env:
+    anonymous_reports: "false"
+    kong_admin_header: "foo:bar"
+# - annotations can be injected for service account
+  serviceAccount:
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME
+  userDefinedVolumeMounts:
+  - name: "tmpdir"
+    mountPath: "/tmp/foo"
+    readOnly: true
+  - name: "controllerdir"
+    mountPath: "/tmp/controller"
+# - pod labels can be added to the deployment template
+podLabels:
+  app: kong
+  environment: test
+# - podSecurityPolicies are enabled
+podSecurityPolicy:
+  enabled: true
+# - ingress resources are created with hosts
+admin:
+  type: NodePort
+  ingress:
+    enabled: true
+    hostname: admin.kong.example
+    annotations: {}
+    path: /
+proxy:
+  type: NodePort
+  ingress:
+    enabled: true
+    hostname: proxy.kong.example
+    annotations: {}
+    path: /
+env:
+  anonymous_reports: "off"
+
+deployment:
+  initContainers:
+    - name: "bash"
+      image: "bash:latest"
+      command: ["/bin/sh", "-c", "true"]
+      resources:
+        limits:
+          cpu: "100m"
+          memory: "64Mi"
+        requests:
+          cpu: "100m"
+          memory: "64Mi"
+      volumeMounts:
+      - name: "tmpdir"
+        mountPath: "/tmp/foo"
+  userDefinedVolumes:
+  - name: "tmpdir"
+    emptyDir: {}
+  - name: "controllerdir"
+    emptyDir: {}
+  userDefinedVolumeMounts:
+  - name: "tmpdir"
+    mountPath: "/tmp/foo"
--- a/build_system/charts/open-appsec-kong/ci/test2-values.yaml
+++ b/build_system/charts/open-appsec-kong/ci/test2-values.yaml
@@ -0,0 +1,66 @@
+# This tests the following unrelated aspects of Ingress Controller
+# - ingressController deploys with a database
+# - stream listens work
+# - a mixture of controller, Kong, and shared volumes successfully mount
+# - watchNamespaces is set
+ingressController:
+  enabled: true
+  env:
+    anonymous_reports: "false"
+  customEnv:
+    TZ: "Europe/Berlin"
+  watchNamespaces:
+  - default
+postgresql:
+  enabled: true
+  auth:
+    username: kong
+    password: kong
+env:
+  anonymous_reports: "off"
+  database: "postgres"
+# - ingress resources are created without hosts
+admin:
+  type: NodePort
+  ingress:
+    enabled: true
+    hosts: []
+    path: /
+proxy:
+  type: NodePort
+  ingress:
+    enabled: true
+    hostname: proxy.kong.example
+    annotations: {}
+    path: /
+# - add stream listens
+  stream:
+  - containerPort: 9000
+    servicePort: 9000
+    parameters: []
+  - containerPort: 9001
+    servicePort: 9001
+    parameters:
+    - ssl
+
+# - PDB is enabled
+podDisruptionBudget:
+  enabled: true
+# update strategy
+updateStrategy:
+  type: "RollingUpdate"
+  rollingUpdate:
+    maxSurge: 1
+    maxUnavailable: 0
+deployment:
+  initContainers:
+    - name: "bash"
+      image: "bash:latest"
+      command: ["/bin/sh", "-c", "true"]
+      resources:
+        limits:
+          cpu: "100m"
+          memory: "64Mi"
+        requests:
+          cpu: "100m"
+          memory: "64Mi"
--- a/build_system/charts/open-appsec-kong/ci/test3-values.yaml
+++ b/build_system/charts/open-appsec-kong/ci/test3-values.yaml
@@ -0,0 +1,43 @@
+# CI test for testing dbless deployment without ingress controllers
+# - disable ingress controller
+ingressController:
+  enabled: false
+# - disable DB for kong
+env:
+  anonymous_reports: "off"
+  database: "off"
+postgresql:
+  enabled: false
+proxy:
+  type: NodePort
+deployment:
+  initContainers:
+    - name: "bash"
+      image: "bash:latest"
+      command: ["/bin/sh", "-c", "true"]
+      resources:
+        limits:
+          cpu: "100m"
+          memory: "64Mi"
+        requests:
+          cpu: "100m"
+          memory: "64Mi"
+      volumeMounts:
+      - name: "tmpdir"
+        mountPath: "/opt/tmp"
+  userDefinedVolumes:
+  - name: "tmpdir"
+    emptyDir: {}
+  userDefinedVolumeMounts:
+  - name: "tmpdir"
+    mountPath: "/opt/tmp"
+dblessConfig:
+  config: |
+    _format_version: "1.1"
+    services:
+      - name: example.com
+        url: http://example.com
+        routes:
+        - name: example
+          paths:
+          - "/example"
--- a/build_system/charts/open-appsec-kong/ci/test4-values.yaml
+++ b/build_system/charts/open-appsec-kong/ci/test4-values.yaml
@@ -0,0 +1,36 @@
+# CI test for testing dbless deployment without ingress controllers using legacy admin listen and stream listens
+# - disable ingress controller
+ingressController:
+  enabled: false
+  env:
+    anonymous_reports: "false"
+
+# - disable DB for kong
+env:
+  anonymous_reports: "off"
+  database: "off"
+postgresql:
+  enabled: false
+proxy:
+  type: NodePort
+# - add stream listens
+  stream:
+  - containerPort: 9000
+    servicePort: 9000
+    parameters: []
+  - containerPort: 9001
+    servicePort: 9001
+    parameters:
+    - ssl
+  ingress:
+    enabled: true
+dblessConfig:
+  config: |
+    _format_version: "1.1"
+    services:
+      - name: example.com
+        url: http://example.com
+        routes:
+        - name: example
+          paths:
+          - "/example"
--- a/build_system/charts/open-appsec-kong/ci/test5-values.yaml
+++ b/build_system/charts/open-appsec-kong/ci/test5-values.yaml
@@ -0,0 +1,50 @@
+# This tests the following unrelated aspects of Ingress Controller
+# - ingressController deploys with a database
+# - TODO remove this test when https://github.com/Kong/charts/issues/295 is solved
+#   and its associated wait-for-db workaround is removed.
+#   This test is similar to test2-values.yaml, but lacks a stream listen.
+#   wait-for-db will _not_ create a socket file. This test ensures the workaround
+#   does not interfere with startup when there is no file to remove.
+
+ingressController:
+  enabled: true
+  env:
+    anonymous_reports: "false"
+postgresql:
+  enabled: true
+  auth:
+    username: kong
+    password: kong
+  service:
+    ports:
+      postgresql: 5432
+env:
+  anonymous_reports: "off"
+  database: "postgres"
+# Added example for customEnv
+customEnv:
+  client_id: "exampleId"
+# - ingress resources are created without hosts
+admin:
+  type: NodePort
+  ingress:
+    enabled: true
+    hosts: []
+    path: /
+proxy:
+  type: NodePort
+  ingress:
+    enabled: true
+    hostname: proxy.kong.example
+    annotations: {}
+    path: /
+
+# - PDB is enabled
+podDisruptionBudget:
+  enabled: true
+# update strategy
+updateStrategy:
+  type: "RollingUpdate"
+  rollingUpdate:
+    maxSurge: 1
+    maxUnavailable: 0
--- a/build_system/charts/open-appsec-kong/ci/test6-values.yaml
+++ b/build_system/charts/open-appsec-kong/ci/test6-values.yaml
@@ -0,0 +1,34 @@
+# CI test for testing dbless deployment without ingress controllers
+# - disable ingress controller
+# - no static config
+ingressController:
+  enabled: false
+# - disable DB for kong
+env:
+  anonymous_reports: "off"
+  database: "off"
+postgresql:
+  enabled: false
+proxy:
+  type: NodePort
+deployment:
+  initContainers:
+    - name: "bash"
+      image: "bash:latest"
+      command: ["/bin/sh", "-c", "true"]
+      resources:
+        limits:
+          cpu: "100m"
+          memory: "64Mi"
+        requests:
+          cpu: "100m"
+          memory: "64Mi"
+      volumeMounts:
+      - name: "tmpdir"
+        mountPath: "/opt/tmp"
+  userDefinedVolumes:
+  - name: "tmpdir"
+    emptyDir: {}
+  userDefinedVolumeMounts:
+  - name: "tmpdir"
+    mountPath: "/opt/tmp"