This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new f7fb5c0 feat: allow exposing admin api via ingress resource (#442)
f7fb5c0 is described below
commit f7fb5c071c488c1f583a1a136f4530a885d95467
Author: ikatlinsky <[email protected]>
AuthorDate: Tue Jan 10 08:40:42 2023 +0100
feat: allow exposing admin api via ingress resource (#442)
Co-authored-by: Katlinsky, Ilya <[email protected]>
---
charts/apisix/README.md | 2 +
charts/apisix/templates/ingress-admin.yaml | 76 ++++++++++++++++++++++++++++++
charts/apisix/values.yaml | 16 +++++++
3 files changed, 94 insertions(+)
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index d14d3da..0eabf8d 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -47,6 +47,8 @@ The command removes all the Kubernetes components associated
with the chart and
| admin.credentials.viewer | string | `"4054f7cf07e344346cd3f287985e76a2"` |
Apache APISIX admin API viewer role credentials |
| admin.enabled | bool | `true` | Enable Admin API |
| admin.externalIPs | list | `[]` | IPs for which nodes in the cluster will
also accept traffic for the servic |
+| admin.ingress | object |
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix-admin.local","paths":["/apisix"]}],"tls":[]}`
| Using ingress access Apache APISIX admin service |
+| admin.ingress.annotations | object | `{}` | Ingress annotations |
| admin.port | int | `9180` | which port to use for Apache APISIX admin API |
| admin.servicePort | int | `9180` | Service port to use for Apache APISIX
admin API |
| admin.type | string | `"ClusterIP"` | admin service type |
diff --git a/charts/apisix/templates/ingress-admin.yaml
b/charts/apisix/templates/ingress-admin.yaml
new file mode 100644
index 0000000..5a96cde
--- /dev/null
+++ b/charts/apisix/templates/ingress-admin.yaml
@@ -0,0 +1,76 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if (and .Values.admin.enabled .Values.admin.ingress.enabled) -}}
+{{- $fullName := include "apisix.fullname" . -}}
+{{- $svcPort := .Values.admin.servicePort -}}
+{{- if and .Values.admin.ingress.className (not (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.admin.ingress.annotations
"kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.admin.ingress.annotations
"kubernetes.io/ingress.class" .Values.admin.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.Version }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-admin
+ labels:
+ {{- include "apisix.labels" . | nindent 4 }}
+ {{- with .Values.admin.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.admin.ingress.className (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.admin.ingress.className }}
+ {{- end }}
+ {{- if .Values.admin.ingress.tls }}
+ tls:
+ {{- range .Values.admin.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.admin.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.Version
}}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ $fullName }}-admin
+ port:
+ number: {{ $svcPort }}
+ {{- else -}}
+ backend:
+ serviceName: {{ $fullName }}-admin
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index bbbf3d0..66ea1bf 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -246,6 +246,22 @@ admin:
# -- The client IP CIDR allowed to access Apache APISIX Admin API service.
ipList:
- 127.0.0.1/24
+ # -- Using ingress access Apache APISIX admin service
+ ingress:
+ enabled: false
+ # -- Ingress annotations
+ annotations:
+ {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: apisix-admin.local
+ paths:
+ - "/apisix"
+ tls: []
+ # - secretName: apisix-tls
+ # hosts:
+ # - chart-example.local
nginx:
workerRlimitNofile: "20480"
