Kong启动参数
2024-07-03 本文已影响0人
国服最坑开发
参考: https://giter.site/kong/kong/issues/13250
- env:
- name: KONG_NGINX_MAIN_ENV
value: "SPLUNK_HOST; env KONG_SSL_CERT_KEY; env KONG_SSL_CERT_DER"
- name: KONG_ADMIN_GUI_LISTEN
value: "0.0.0.0:8002, 0.0.0.0:8445"
- name: KONG_NGINX_HTTP_KEEPALIVE_REQUESTS
value: "50000"
- name: KONG_NGINX_HTTP_KEEPALIVE_TIMEOUT
value: "120s"
- name: KONG_NGINX_HTTP_CLIENT_MAX_BODY_SIZE
value: "50m"
- name: KONG_NGINX_HTTP_CLIENT_BODY_BUFFER_SIZE
value: "50m"
- name: KONG_NGINX_HTTP_LARGE_CLIENT_HEADER_BUFFERS
value: "2 20k"
- name: KONG_NGINX_HTTP_TCP_NODELAY
value: "on"
- name: KONG_NGINX_HTTP_TCP_NOPUSH
value: "on"
- name: KONG_NGINX_HTTP_PROXY_BUFFER_SIZE
value: "32k"
- name: KONG_NGINX_HTTP_PROXY_BUFFERS
value: "10 2m"
- name: KONG_NGINX_HTTP_PROXY_BUSY_BUFFERS_SIZE
value: "4m"
- name: KONG_NGINX_HTTP_RESET_TIMEDOUT_CONNECTION
value: "on"
- name: KONG_NGINX_HTTP_HTTP2_RECV_BUFFER_SIZE
value: "20m"
- name: KONG_NGINX_HTTP_HTTP2_BODY_PREREAD_SIZE
value: "2m"
- name: KONG_NGINX_UPSTREAM_KEEPALIVE
value: "90"
- name: KONG_NGINX_UPSTREAM_KEEPALIVE_REQUESTS
value: "50000"
- name: KONG_NGINX_UPSTREAM_KEEPALIVE_TIMEOUT
value: "120"
- name: KONG_UPSTREAM_KEEPALIVE_POOL_SIZE
value: "1024"
- name: KONG_UPSTREAM_KEEPALIVE_MAX_REQUESTS
value: "50000"
- name: KONG_UPSTREAM_KEEPALIVE_IDLE_TIMEOUT
value: "120"
- name: KONG_UNTRUSTED_LUA
value: "on"
- name: CRL_DOWNLOAD_URL
value: XXXXXXXXX
- name: KONG_NGINX_MAIN_WORKER_PROCESSES
value: "3"
- name: KONG_LOG_LEVEL
value: notice
- name: KONG_PROXY_ACCESS_LOG
value: "off"
- name: KONG_ADMIN_ACCESS_LOG
value: "off"
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ANONYMOUS_REPORTS
value: "off"
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2 deferred reuseport backlog=16384
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8001 deferred reuseport backlog=16384
- name: KONG_MEM_CACHE_SIZE
value: 1024m
- name: KONG_SSL_CERT
value: /usr/local/kong/ssl/kongcert.crt
- name: KONG_SSL_CERT_DER
value: /usr/local/kong/ssl/kongcertder.der
- name: KONG_SSL_CERT_KEY
value: /usr/local/kong/ssl/kongprivatekey.key
- name: KONG_CLIENT_SSL
value: "off"
- name: KONG_ADMIN_SSL_ENABLED
value: "off"
- name: KONG_HEADERS
value: latency_tokens
- name: KONG_CLIENT_MAX_BODY_SIZE
value: 50m
- name: KONG_CLIENT_BODY_BUFFER_SIZE
value: 50m
- name: KONG_ERROR_DEFAULT_TYPE
value: text/plain
- name: KONG_DATABASE
value: postgres
- name: KONG_PG_MAX_CONCURRENT_QUERIES
value: "33"
- name: KONG_PG_SSL
value: "on"
- name: KONG_PG_SSL_REQUIRED
value: "on"
- name: KONG_PG_SSL_VERIFY
value: "on"
- name: KONG_PG_TLS_VERSION
value: "tlsv1_2"
- name: KONG_PG_HOST
value: XXXXXXXX
- name: KONG_PG_PORT
value: "5432"
- name: KONG_PG_USER
valueFrom:
secretKeyRef:
key: username
name: postgres-secret
- name: KONG_PG_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgres-secret
- name: KONG_PG_TIMEOUT
value: "8000"
- name: KONG_PG_DATABASE
value: XXXXXX
- name: KONG_PG_RO_SSL
value: "on"
- name: KONG_PG_RO_SSL_REQUIRED
value: "on"
- name: KONG_PG_RO_SSL_VERIFY
value: "on"
- name: KONG_PG_RO_TLS_VERSION
value: "tlsv1_2"
- name: KONG_PG_RO_HOST
value: XXXXXXXX
- name: KONG_PG_RO_PORT
value: "5432"
- name: KONG_PG_RO_USER
valueFrom:
secretKeyRef:
key: username
name: postgres-secret
- name: KONG_PG_RO_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgres-secret
- name: KONG_PG_RO_TIMEOUT
value: "8000"
- name: KONG_PG_RO_DATABASE
value: XXXXX
- name: KONG_DB_UPDATE_FREQUENCY
value: "5"
- name: KONG_DB_UPDATE_PROPAGATION
value: "0"
- name: KONG_DB_CACHE_TTL
value: "0"
- name: KONG_DNS_HOSTSFILE
value: /etc/hosts
- name: KONG_DNS_STALE_TTL
value: "4"
- name: KONG_DNS_NOT_FOUND_TTL
value: "10"
- name: KONG_DNS_RESOLVER
value: XXXXXX,XXXXXXXX
- name: KONG_DNS_ERROR_TTL
value: "1"
- name: KONG_DNS_NO_SYNC
value: "off"
- name: KONG_LUA_SSL_TRUSTED_CERTIFICATE
value: /usr/local/kong/ssl/kongcert.pem
- name: KONG_LUA_SSL_VERIFY_DEPTH
value: "3"
- name: KONG_LUA_SOCKET_POOL_SIZE
value: "256"
- name: SPLUNK_HOST
value: XXXXXXXXXXXXXXX
- name: LOCALDOMAIN
value: .
- name: RES_OPTIONS
value: ndots:1
- name: KONG_DNS_ORDER
value: LAST,A,SRV,CNAME
- name: KONG_PLUGINS
value: bundled,nonamesecurity,kong-plugin-oauth-proxy,kong-kafka-log,stargate-waf-error-log,mtls,kong-tx-debugger,kong-error-log,kong-oidc-implicit-token,kong-response-size-limiting,kong-service-virtualization,kong-cluster-drain,kong-upstream-jwt,kong-splunk-log,kong-spec-expose,kong-path-based-routing,kong-oidc-multi-idp
- name: KONG_TRUSTED_IPS
value: 0.0.0.0/0,::/0
- name: KONG_NGINX_PROXY_REAL_IP_HEADER
value: X-Forwarded-For
- name: KONG_NGINX_PROXY_REAL_IP_RECURSIVE
value: "on"
- name: KONG_WORKER_CONSISTENCY
value: eventual
- name: KONG_WORKER_STATE_UPDATE_FREQUENCY
value: "5"
- name: KONG_DB_CACHE_WARMUP_ENTITIES
value: services,consumers,acls,certificates,jwt_secrets,oauth2_credentials
- name: LUA_PATH
value: /usr/local/kong/luarocks/share/lua/5.1/?.lua;;/usr/local/kong/luarocks/share/lua/5.1/?/init.lua;
- name: KONG_NGINX_HTTP_SSL_PROTOCOLS
value: TLSv1.2 TLSv1.3
- name: KONG_SSL_CIPHER_SUITE
value: intermediate
