Hello,
I have installed Kong Enterprise using the helm chart (charts/charts/kong at main · Kong/charts · GitHub).
I have enabled the portal in values.env and also portal.enabled (in the values file - which is pasted below)
Some specifics:
- I have enabled http2 - as we need gRPC
- I am terminating SSL on the AWS NLB
When I access the developer-portal, I get the literal text response: “layouts/_base.html”. Seems to indicate something wrong in developer-portal rendering.
I tried curling the kong pod on port 8003 from another pod in the cluster. Same result.
$ k exec -it netshoot – bash
bash-5.1# curl 100.101.163.185:8003
layouts/_base.html
image:
repository: kong/kong-gateway
tag: 2.3.3.0-alpine
pullSecrets:
- docker-registry
env:
log_level: debug
prefix: /kong_prefix/
database: "postgres"
proxy_listen: 0.0.0.0:8000 http2
admin_gui_url: https://kong-manager.test.mydomain
admin_api_uri: https://kong-admin-api.test.mydomain
portal_api_url: https://kong-portalapi.test.mydomain
portal_gui_host: developer-portal.test.mydomain
portal_gui_protocol: https
portal: on
#portal_auth: "key-auth"
#portal_session_conf:
# valueFrom:
# secretKeyRef:
# name: kong-session-config
# key: portal_session_conf
password:
valueFrom:
secretKeyRef:
name: kong-enterprise-superuser-password
key: password
### The admin API
### This also need to be accessible from the browser for manager GUI to work
admin:
enabled: true
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-internal: true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
orbitalinsight/dns-manager: external-dns
external-dns.alpha.kubernetes.io/hostname: kong-admin-api.test.mydomain.
http:
enabled: true
servicePort: 443
containerPort: 8001
tls:
enabled: false
ingress:
enabled: false
###
proxy:
enabled: true
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-internal: true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
orbitalinsight/dns-manager: external-dns
external-dns.alpha.kubernetes.io/hostname: kong-proxy.test.mydomain.
http:
enabled: false
servicePort: 80
containerPort: 8000
parameters: []
tls:
enabled: true
servicePort: 443
containerPort: 8000
parameters:
- http2
stream: {}
ingress:
enabled: false
annotations: {}
path: /
externalIPs: []
###
enterprise:
enabled: true
# CHANGEME: https://github.com/Kong/charts/blob/main/charts/kong/README.md#kong-enterprise-license
license_secret: kong-enterprise-license
vitals:
enabled: true
portal:
enabled: true
rbac:
enabled: true
admin_gui_auth: basic-auth
session_conf_secret: kong-session-config
admin_gui_auth_conf_secret: kong-session-config
smtp:
enabled: false
portal_emails_from: none@example.com
portal_emails_reply_to: none@example.com
admin_emails_from: none@example.com
admin_emails_reply_to: none@example.com
smtp_admin_emails: none@example.com
smtp_host: smtp.example.com
smtp_port: 587
smtp_auth_type: ''
smtp_ssl: nil
smtp_starttls: true
auth:
smtp_username: '' # e.g. postmaster@example.com
smtp_password_secret: CHANGEME-smtp-password
###
### This is the Kong Manager Web UI
### Should be accessible only internally with a well known DNS name
manager:
enabled: true
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-name: "test-kong-manager"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-internal: true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
orbitalinsight/dns-manager: external-dns
external-dns.alpha.kubernetes.io/hostname: kong-manager.test.mydomain.
http:
enabled: true
servicePort: 443
containerPort: 8002
tls:
enabled: false
ingress:
enabled: false
###
portal:
enabled: true
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-name: "test-kong-portal"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-internal: true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
orbitalinsight/dns-manager: external-dns
external-dns.alpha.kubernetes.io/hostname: developer-portal.test.mydomain.
http:
enabled: true
servicePort: 443
containerPort: 8003
tls:
enabled: false
ingress:
enabled: false
###
portalapi:
enabled: true
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-name: "test-kong-portalapi"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-internal: true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
orbitalinsight/dns-manager: external-dns
external-dns.alpha.kubernetes.io/hostname: kong-portalapi.test.mydomain.
http:
enabled: true
servicePort: 443
containerPort: 8004
tls:
enabled: false
ingress:
enabled: false
###
postgresql:
enabled: true
postgresqlUsername: kong
postgresqlPassword: mypassword
postgresqlDatabase: kong
service:
port: 5432
###
ingressController:
enabled: true
installCRDs: false
ingressClass: kong
args:
- "-v=3"
env:
kong_admin_tls_skip_verify: true
#admin_gui_url: https://kong-admin-api.test.mydomain
#admin_api_uri: https://kong-admin-api.test.mydomain
# KIC overrides any edits made in Kong Manager
#enable_reverse_sync: true
#sync_period: "1m"
#publish_service: "cp/controlplane-kong-admin"
kong_admin_token:
valueFrom:
secretKeyRef:
name: kong-enterprise-superuser-password
key: password
admissionWebhook:
enabled: false
failurePolicy: Fail
port: 8080