We have installed Kong enterprise free edition 3.0.0 on Azure Kubernetes Service. Installation is done via Kong's Helm chart.
We are able to access the Kong Manager without any issue. But, when I try to add a new "Service" via the manager portal, it is throwing "Network error".
Attached the Kong Pod/Svc/Endpoints details and the Kong Manger error for your reference. Can anyone please let me know what I am missing in the helm configuration
Please find the values.yaml below, used to create the kong API gateway
deployment:
kong:
enabled: true
serviceAccount:
create: true
automountServiceAccountToken: false
test:
enabled: false
daemonset: false
hostNetwork: false
prefixDir:
sizeLimit: 256Mi
tmpDir:
sizeLimit: 1Gi
env:
database: "postgres"
pg_host: "10.XX.XX.XX"
pg_port: 5432
pg_user: "postgres"
pg_password: "XXXXXXXXX"
pg_database: "kong"
router_flavor: "traditional"
nginx_worker_processes: "2"
proxy_access_log: /dev/stdout
admin_access_log: /dev/stdout
admin_gui_access_log: /dev/stdout
portal_api_access_log: /dev/stdout
proxy_error_log: /dev/stderr
admin_error_log: /dev/stderr
admin_gui_error_log: /dev/stderr
portal_api_error_log: /dev/stderr
prefix: /kong_prefix/
extraLabels: {}
image:
repository: kong/kong-gateway
tag: "3.0"
pullPolicy: IfNotPresent
admin:
enabled: true
type: LoadBalancer
annotations: {}
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
labels: {}
http:
enabled: true
servicePort: 8001
containerPort: 8001
parameters: []
tls:
enabled: true
servicePort: 8444
containerPort: 8444
parameters:
- http2
ingress:
enabled: true
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
status:
enabled: true
http:
enabled: true
containerPort: 8100
parameters: []
tls:
enabled: false
containerPort: 8543
parameters: []
clusterCaSecretName: ""
cluster:
enabled: false
annotations: {}
labels: {}
tls:
enabled: false
servicePort: 8005
containerPort: 8005
parameters: []
type: ClusterIP
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
proxy:
enabled: true
type: LoadBalancer
annotations: {}
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
labels:
enable-metrics: "true"
http:
enabled: true
servicePort: 80
containerPort: 8000
parameters: []
tls:
enabled: false
servicePort: 443
containerPort: 8443
parameters:
- http2
stream: []
ingress:
enabled: true
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
udpProxy:
enabled: false
type: LoadBalancer
annotations: {}
labels: {}
stream: []
plugins: {}
secretVolumes: []
migrations:
preUpgrade: true
postUpgrade: true
annotations:
sidecar.istio.io/inject: false
jobAnnotations: {}
backoffLimit:
resources: {}
dblessConfig:
configMap: ""
config: |
_format_version: "1.1"
services:
# Example configuration
# - name: example.com
# url: http://example.com
# routes:
# - name: example
# paths:
# - "/example"
ingressController:
enabled: true
image:
repository: kong/kubernetes-ingress-controller
tag: "2.6"
effectiveSemver:
args: []
watchNamespaces: []
env:
kong_admin_tls_skip_verify: true
admissionWebhook:
enabled: false
failurePolicy: Ignore
port: 8080
certificate:
provided: false
ingressClass: kong
ingressClassAnnotations: {}
rbac:
create: true
livenessProbe:
httpGet:
path: "/healthz"
port: 10254
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: "/healthz"
port: 10254
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources: {}
postgresql:
enabled: false
auth:
username: kong
database: kong
image:
tag: 13.6.0-debian-10-r52
service:
ports:
postgresql: "5432"
certificates:
enabled: false
issuer: ""
clusterIssuer: ""
proxy:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "app.example"
dnsNames: []
admin:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "kong.example"
dnsNames: []
portal:
enabled: true
issuer: ""
clusterIssuer: ""
commonName: "developer.example"
dnsNames: []
cluster:
enabled: true
issuer: ""
clusterIssuer: ""
waitImage:
enabled: true
pullPolicy: IfNotPresent
updateStrategy: {}
resources: {}
readinessProbe:
httpGet:
path: "/status"
port: status
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
livenessProbe:
httpGet:
path: "/status"
port: status
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
lifecycle:
preStop:
exec:
command:
- kong
- quit
- '--wait=15'
terminationGracePeriodSeconds: 30
tolerations: []
nodeSelector: {}
podAnnotations:
kuma.io/gateway: enabled
traffic.sidecar.istio.io/includeInboundPorts: ""
podLabels: {}
replicaCount: 1
deploymentAnnotations: {}
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
behavior: {}
targetCPUUtilizationPercentage:
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
podDisruptionBudget:
enabled: false
podSecurityPolicy:
enabled: false
spec:
privileged: false
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
runAsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- 'configMap'
- 'secret'
- 'emptyDir'
allowPrivilegeEscalation: false
hostNetwork: false
hostIPC: false
hostPID: false
readOnlyRootFilesystem: true
priorityClassName: ""
securityContext: {}
containerSecurityContext: {}
serviceMonitor:
enabled: false
enterprise:
enabled: true
vitals:
enabled: true
portal:
enabled: false
rbac:
enabled: false
admin_gui_auth: basic-auth
session_conf_secret: kong-session-config
admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret
smtp:
enabled: false
portal_emails_from: none@example.com
portal_emails_reply_to: none@example.com
admin_emails_from: none@example.com
admin_emails_reply_to: none@example.com
smtp_admin_emails: none@example.com
smtp_host: smtp.example.com
smtp_port: 587
smtp_auth_type: ''
smtp_ssl: nil
smtp_starttls: true
auth:
smtp_username: '' # e.g. postmaster@example.com
smtp_password_secret: CHANGEME-smtp-password
manager:
enabled: true
type: LoadBalancer
annotations: {}
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
labels: {}
http:
enabled: true
servicePort: 8002
containerPort: 8002
parameters: []
tls:
enabled: true
servicePort: 8445
containerPort: 8445
parameters:
- http2
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
portal:
enabled: true
type: ClusterIP
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8003
containerPort: 8003
parameters: []
tls:
enabled: true
servicePort: 8446
containerPort: 8446
parameters:
- http2
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
portalapi:
enabled: true
type: ClusterIP
annotations: {}
labels: {}
http:
enabled: true
servicePort: 8004
containerPort: 8004
parameters: []
tls:
enabled: true
servicePort: 8447
containerPort: 8447
parameters:
- http2
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
clustertelemetry:
enabled: false
annotations: {}
labels: {}
tls:
enabled: false
servicePort: 8006
containerPort: 8006
parameters: []
type: ClusterIP
ingress:
enabled: false
ingressClassName:
hostname:
annotations: {}
path: /
pathType: ImplementationSpecific
extraConfigMaps: []
extraSecrets: []
extraObjects: []
