This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new bd71ee0 feat: add decoupled mode support (#461)
bd71ee0 is described below
commit bd71ee0b12363efed20a101522979c545fdc6a4e
Author: Jintao Zhang <[email protected]>
AuthorDate: Wed Feb 8 14:21:05 2023 +0800
feat: add decoupled mode support (#461)
---
charts/apisix/README.md | 12 +++++++
charts/apisix/templates/_pod.tpl | 14 ++++++++
charts/apisix/templates/configmap.yaml | 37 ++++++++++++++++++++-
charts/apisix/templates/service-control-plane.yaml | 38 ++++++++++++++++++++++
charts/apisix/values.yaml | 36 ++++++++++++++++++++
5 files changed, 136 insertions(+), 1 deletion(-)
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 1249619..515594d 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -101,6 +101,18 @@ The command removes all the Kubernetes components
associated with the chart and
| customPlugins.plugins[0].configMap | object |
`{"mounts":[{"key":"","path":""},{"key":"","path":""}],"name":""}` | plugin
codes can be saved inside configmap object. |
| customPlugins.plugins[0].configMap.mounts | list |
`[{"key":"","path":""},{"key":"","path":""}]` | since keys in configmap is
flat, mountPath allows to define the mount path, so that plugin codes can be
mounted hierarchically. |
| customPlugins.plugins[0].configMap.name | string | `""` | name of configmap.
|
+| deployment.controlPlane | object |
`{"cert":"","certKey":"","certsSecret":"","clientCACert":"","confServerPort":"9280"}`
| used for control_plane deployment mode |
+| deployment.controlPlane.cert | string | `""` | conf Server CA cert name in
certsSecret |
+| deployment.controlPlane.certKey | string | `""` | conf Server cert key name
in certsSecret |
+| deployment.controlPlane.certsSecret | string | `""` | secret name used by
conf Server |
+| deployment.controlPlane.clientCACert | string | `""` | conf Server mTLS cert
name in certsSecret |
+| deployment.controlPlane.confServerPort | string | `"9280"` | conf Server
address |
+| deployment.dataPlane | object |
`{"controlPlane":{"host":[],"prefix":"/apisix","timeout":30}}` | used for
data_plane deployment mode |
+| deployment.dataPlane.controlPlane.host | list | `[]` | The hosts of the
control_plane used by the data_plane |
+| deployment.dataPlane.controlPlane.prefix | string | `"/apisix"` | The prefix
of the control_plane used by the data_plane |
+| deployment.dataPlane.controlPlane.timeout | int | `30` | Timeout when the
data plane connects to the control plane |
+| deployment.mode | string | `"traditional"` | Apache APISIX deployment mode
Optional: traditional, decoupled ref:
https://apisix.apache.org/docs/apisix/deployment-modes/ |
+| deployment.role | string | `"traditional"` | Deployment role Optional:
traditional, data_plane, control_plane ref:
https://apisix.apache.org/docs/apisix/deployment-modes/ |
| discovery.enabled | bool | `false` | Enable or disable Apache APISIX
integration service discovery |
| discovery.registry | object | `{}` | Registry is the same to the one in
APISIX
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L281),
and refer to such file for more setting details. also refer to [this
documentation for integration service
discovery](https://apisix.apache.org/docs/apisix/discovery) |
| dns.resolvers[0] | string | `"127.0.0.1"` | |
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
index 5c5eedd..9561fc6 100644
--- a/charts/apisix/templates/_pod.tpl
+++ b/charts/apisix/templates/_pod.tpl
@@ -79,6 +79,8 @@ spec:
{{- end }}
{{- end }}
{{- end }}
+
+ {{- if ne .Values.deployment.role "control_plane" }}
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 10
@@ -87,6 +89,7 @@ spec:
tcpSocket:
port: {{ .Values.gateway.http.containerPort }}
timeoutSeconds: 1
+ {{- end }}
lifecycle:
preStop:
exec:
@@ -108,6 +111,12 @@ spec:
name: ssl
subPath: {{ .Values.gateway.tls.certCAFilename }}
{{- end }}
+
+ {{- if eq .Values.deployment.role "control_plane" }}
+ - mountPath: /conf-server-ssl
+ name: conf-server-ssl
+ {{- end }}
+
{{- if .Values.etcd.auth.tls.enabled }}
- mountPath: /etcd-ssl
name: etcd-ssl
@@ -165,6 +174,11 @@ spec:
secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
name: etcd-ssl
{{- end }}
+ {{- if eq .Values.deployment.role "control_plane" }}
+ - secret:
+ secretName: {{ .Values.deployment.controlPlane.certsSecret | quote }}
+ name: conf-server-ssl
+ {{- end }}
{{- if .Values.apisix.setIDFromPodUID }}
- downwardAPI:
items:
diff --git a/charts/apisix/templates/configmap.yaml
b/charts/apisix/templates/configmap.yaml
index 42e9adf..39ba9d7 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -45,7 +45,9 @@ data:
{{- end }}
{{- else }}
apisix: # universal configurations
+ {{- if not (eq .Values.deployment.role "control_plane") }}
node_listen: {{ .Values.gateway.http.containerPort }} # APISIX
listening port
+ {{- end }}
enable_heartbeat: true
enable_admin: {{ .Values.admin.enabled }}
enable_admin_cors: {{ .Values.admin.cors }}
@@ -250,9 +252,26 @@ data:
{{- end }}
deployment:
- role: traditional
+ role: {{ .Values.deployment.role }}
+ {{- if or (eq .Values.deployment.role "traditional") (eq
.Values.deployment.role "control_plane") }}
+
+ {{- if eq .Values.deployment.role "traditional" }}
role_traditional:
config_provider: etcd
+ {{- end }}
+
+ {{- if eq .Values.deployment.role "control_plane" }}
+ role_control_plane:
+ config_provider: etcd
+ conf_server:
+ listen: 0.0.0.0:{{ .Values.deployment.controlPlane.confServerPort }}
+ cert: "/conf-server-ssl/{{ .Values.deployment.controlPlane.cert }}"
+ cert_key: "/conf-server-ssl/{{
.Values.deployment.controlPlane.certKey }}"
+ {{- if .Values.deployment.controlPlane.clientCACert }}
+ client_ca_cert: "/conf-server-ssl/{{
.Values.deployment.controlPlane.clientCACert }}"
+ {{- end }}
+ {{- end }}
+
admin:
allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
{{- if .Values.admin.allow.ipList }}
@@ -284,6 +303,8 @@ data:
- name: "viewer"
key: {{ .Values.admin.credentials.viewer }}
role: viewer
+
+ {{- if not (eq .Values.deployment.role "data_plane") }}
etcd:
{{- if .Values.etcd.enabled }}
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
@@ -312,4 +333,18 @@ data:
sni: "{{ .Values.etcd.auth.tls.sni }}"
{{- end }}
{{- end }}
+ {{- end }}
+ {{- end }}
+
+ {{- if eq .Values.deployment.role "data_plane" }}
+ role_data_plane:
+ config_provider: control_plane
+ control_plane:
+ host:
+ {{- range $.Values.deployment.dataPlane.controlPlane.host }}
+ - {{ . | quote }}
+ {{- end }}
+ prefix: {{ .Values.deployment.dataPlane.controlPlane.prefix }}
+ timeout: {{ .Values.deployment.dataPlane.controlPlane.timeout }}
+ {{- end }}
{{- end }}
diff --git a/charts/apisix/templates/service-control-plane.yaml
b/charts/apisix/templates/service-control-plane.yaml
new file mode 100644
index 0000000..a532641
--- /dev/null
+++ b/charts/apisix/templates/service-control-plane.yaml
@@ -0,0 +1,38 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and (eq .Values.deployment.mode "decoupled") (eq
.Values.deployment.role "control_plane") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "apisix.fullname" . }}-control-plane
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ {{- range $key, $value := .Values.admin.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ {{- include "apisix.labels" . | nindent 4 }}
+ app.kubernetes.io/service: apisix-control-plane
+spec:
+ type: "ClusterIP"
+ ports:
+ - name: apisix-control-plane
+ port: {{ .Values.deployment.controlPlane.confServerPort }}
+ targetPort: {{ .Values.deployment.controlPlane.confServerPort }}
+ protocol: TCP
+ selector:
+ {{- include "apisix.selectorLabels" . | nindent 4 }}
+{{ end }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 51cb72c..c7544c5 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -168,6 +168,42 @@ serviceAccount:
rbac:
create: false
+deployment:
+ # -- Apache APISIX deployment mode
+ # Optional: traditional, decoupled
+ #
+ # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
+ mode: traditional
+
+ # -- Deployment role
+ # Optional: traditional, data_plane, control_plane
+ #
+ # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
+ role: "traditional"
+
+ # -- used for control_plane deployment mode
+ controlPlane:
+ # -- conf Server address
+ confServerPort: "9280"
+ # -- secret name used by conf Server
+ certsSecret: ""
+ # -- conf Server CA cert name in certsSecret
+ cert: ""
+ # -- conf Server cert key name in certsSecret
+ certKey: ""
+ # -- conf Server mTLS cert name in certsSecret
+ clientCACert: ""
+
+ # -- used for data_plane deployment mode
+ dataPlane:
+ controlPlane:
+ # -- The hosts of the control_plane used by the data_plane
+ host: []
+ # -- The prefix of the control_plane used by the data_plane
+ prefix: "/apisix"
+ # -- Timeout when the data plane connects to the control plane
+ timeout: 30
+
gateway:
# -- Apache APISIX service type for user access itself
type: NodePort
