Configuration options allow you to customize the behavior of Kong Operator to meet your needs.
The default configuration will work for most users. These options are provided for advanced users.
Kong Operator configuration options
Uses:
Kong Gateway Operator
Related Documentation
Using environment variables
Each flag defined in the following table can also be configured using an environment variable.
The name of the environment variable is KONG_OPERATOR_ string followed by the name of flag in uppercase.
For example, --secret-label-selector can be configured using the following environment variable:
KONG_OPERATOR_SECRET_LABEL_SELECTOR=mylabel
Copied!
We recommend configuring all settings through environment variables and not CLI flags.
Flags
|
Flag |
Type |
Description |
Default |
|---|---|---|---|
--anonymous-reports
|
bool
|
Send anonymized usage data to help improve Kong. |
true
|
--apiserver-burst
|
string
|
The Kubernetes API RateLimiter maximum burst queries per second. |
300
|
--apiserver-host
|
string
|
The Kubernetes API server URL. If not set, the operator will use cluster config discovery. | |
--apiserver-qps
|
string
|
The Kubernetes API RateLimiter maximum queries per second. |
100
|
--cache-sync-period
|
string
|
Sets the minimum frequency for reconciling watched resources. Defaults to the controller-runtime value if unspecified or set to 0s. |
0s
|
--cache-sync-timeout
|
string
|
Sets the time limit for syncing controller caches. Defaults to the controller-runtime value if set to 0.
|
0s
|
--cluster-ca-key-size
|
string
|
Size (in bits) of the key used for the cluster CA certificate. Only used for RSA keys. |
4096
|
--cluster-ca-key-type
|
string
|
Type of the key used for the cluster CA certificate (possible values: ecdsa, rsa). Default: ecdsa. |
ecdsa
|
--cluster-ca-secret
|
string
|
Specifies the Secret name that contains the cluster CA certificate. |
kong-operator-ca
|
--cluster-ca-secret-namespace
|
string
|
Specifies the namespace of the Secret that contains the cluster CA certificate. | |
--cluster-domain
|
string
|
The cluster domain. This is used e.g. in generating addresses for upstream services. |
cluster.local
|
--config-map-label-selector
|
string
|
Limits the configmaps ingested to those having this label set to “true”. If empty, all config maps are ingested. |
konghq.com/configmap
|
--controller-name
|
string
|
Custom controller name, required only in multi-tenant setups. | |
--controlplane-config-dump-bind-address
|
string
|
The address where server dumps ControlPlane configuration. Only enabled when ‘enable-controlplane-config-dump’ is true. |
:10256
|
--emit-kubernetes-events
|
bool
|
Emit Kubernetes events for successful configuration applies, translation failures and configuration apply failures on managed objects. |
true
|
--enable-controller-aigateway
|
bool
|
Enable the AIGateway controller. (Experimental). |
false
|
--enable-controller-controlplane
|
bool
|
Enable the ControlPlane controller. |
true
|
--enable-controller-controlplaneextensions
|
bool
|
Enable the ControlPlane extensions controller. |
true
|
--enable-controller-dataplane
|
bool
|
Enable the DataPlane controller. |
true
|
--enable-controller-dataplane-bluegreen
|
bool
|
Enable the DataPlane BlueGreen controller. Mutually exclusive with DataPlane controller. |
true
|
--enable-controller-gateway
|
bool
|
Enable the Gateway controller. |
true
|
--enable-controller-kongplugininstallation
|
bool
|
Enable the KongPluginInstallation controller. |
false
|
--enable-controller-konnect
|
bool
|
Enable the Konnect controllers. |
false
|
--enable-controlplane-config-dump
|
bool
|
Enable the server to dump generated Kong configuration from ControlPlanes. Only effective when ControlPlane controller is enabled. |
false
|
--enable-conversion-webhook
|
bool
|
Enable the conversion webhook. |
true
|
--enable-gateway-api-experimental
|
bool
|
Enable the Gateway API experimental features. |
false
|
--enable-validating-webhook
|
bool
|
Enable the validating webhook. |
true
|
--enforce-config
|
bool
|
Enforce the configuration on the generated cluster resources. If set to false, the operator will only enforce the configuration when the owner resource spec changes. |
true
|
--health-probe-bind-address
|
string
|
The address the probe endpoint binds to. |
:8081
|
--konnect-controller-max-concurrent-reconciles
|
string
|
Maximum number of concurrent reconciles for Konnect entities. |
8
|
--konnect-sync-period
|
string
|
Sync period for Konnect entities. After a successful reconciliation of Konnect entities the controller will wait this duration before enforcing configuration on Konnect once again. |
1m0s
|
--kubeconfig
|
string
|
Path to the kubeconfig file. | |
--logging-mode
|
string
|
Logging mode to use. Possible values: production, development. |
"production"
|
--metrics-access-filter
|
string
|
Specifies the filter access function to be used for accessing the metrics endpoint (possible values: off, rbac). Default is off. |
off
|
--metrics-bind-address
|
string
|
The address the metric endpoint binds to. |
:8080
|
--no-leader-election
|
bool
|
Disable leader election for controller manager. Disabling this will not ensure there is only one active controller manager. |
false
|
--secret-label-selector
|
string
|
Limits the secrets ingested to those having this label set to “true”. If empty, all secrets are ingested. |
konghq.com/secret
|
--validate-images
|
bool
|
Validate the images set in ControlPlane and DataPlane specifications. |
true
|
--version
|
bool
|
Print version information. |
false
|
--watch-namespaces
|
string
|
Comma-separated list of namespaces to watch. If empty (default), all namespaces are watched. | |
--zap-devel
|
bool
|
Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) |
false
|
--zap-encoder
|
string
|
Zap log encoding (one of ‘json’ or ‘console’) | |
--zap-log-level
|
string
|
Zap Level to configure the verbosity of logging. Can be one of ‘debug’, ‘info’, ‘error’, ‘panic’or any integer value > 0 which corresponds to custom debug levels of increasing verbosity | |
--zap-stacktrace-level
|
string
|
Zap Level at and above which stacktraces are captured (one of ‘info’, ‘error’, ‘panic’). | |
--zap-time-encoding
|
string
|
Zap time encoding (one of ‘epoch’, ‘millis’, ‘nano’, ‘iso8601’, ‘rfc3339’ or ‘rfc3339nano’). Defaults to ‘epoch’. |