This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 16f7c60 feat: support multiple ports (#469)
16f7c60 is described below
commit 16f7c60c524c8ac43b5f0537a5b77db52a30eb48
Author: potato <[email protected]>
AuthorDate: Fri Mar 3 18:55:45 2023 +0800
feat: support multiple ports (#469)
---
charts/apisix/README.md | 6 ++++--
charts/apisix/templates/_pod.tpl | 10 ++++++++++
charts/apisix/templates/configmap.yaml | 9 ++++++++-
charts/apisix/templates/service-gateway.yaml | 11 +++++++++++
charts/apisix/values.yaml | 12 ++++++++++++
5 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 36e7254..f0cb402 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -152,12 +152,14 @@ The command removes all the Kubernetes components
associated with the chart and
| fullnameOverride | string | `""` | |
| gateway.externalIPs | list | `[]` | |
| gateway.externalTrafficPolicy | string | `"Cluster"` | |
-| gateway.http | object |
`{"containerPort":9080,"enabled":true,"servicePort":80}` | Apache APISIX
service settings for http |
+| gateway.http | object |
`{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"servicePort":80}`
| Apache APISIX service settings for http |
+| gateway.http.additionalContainerPorts | list | `[]` | Support multiple http
ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
|
| gateway.ingress | object |
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix.local","paths":[]}],"tls":[]}`
| Using ingress access Apache APISIX service |
| gateway.ingress.annotations | object | `{}` | Ingress annotations |
| gateway.labelsOverride | object | `{}` | Override default labels assigned to
Apache APISIX gateway resources |
| gateway.stream | object | `{"enabled":false,"only":false,"tcp":[],"udp":[]}`
| Apache APISIX service settings for stream. L4 proxy (TCP/UDP) |
-| gateway.tls | object |
`{"certCAFilename":"","containerPort":9443,"enabled":false,"existingCASecret":"","http2":{"enabled":true},"servicePort":443,"sslProtocols":"TLSv1.2
TLSv1.3"}` | Apache APISIX service settings for tls |
+| gateway.tls | object |
`{"additionalContainerPorts":[],"certCAFilename":"","containerPort":9443,"enabled":false,"existingCASecret":"","http2":{"enabled":true},"servicePort":443,"sslProtocols":"TLSv1.2
TLSv1.3"}` | Apache APISIX service settings for tls |
+| gateway.tls.additionalContainerPorts | list | `[]` | Support multiple https
ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
|
| gateway.tls.certCAFilename | string | `""` | Filename be used in the
gateway.tls.existingCASecret |
| gateway.tls.existingCASecret | string | `""` | Specifies the name of Secret
contains trusted CA certificates in the PEM format used to verify the
certificate when APISIX needs to do SSL/TLS handshaking with external services
(e.g. etcd) |
| gateway.tls.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols
allowed to use. |
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
index 0c7476e..49db791 100644
--- a/charts/apisix/templates/_pod.tpl
+++ b/charts/apisix/templates/_pod.tpl
@@ -44,9 +44,19 @@ spec:
- name: http
containerPort: {{ .Values.gateway.http.containerPort }}
protocol: TCP
+ {{- range .Values.gateway.http.additionalContainerPorts }}
+ - name: http-{{ .port | toString }}
+ containerPort: {{ .port }}
+ protocol: TCP
+ {{- end }}
- name: tls
containerPort: {{ .Values.gateway.tls.containerPort }}
protocol: TCP
+ {{- range .Values.gateway.tls.additionalContainerPorts }}
+ - name: tls-{{ .port | toString }}
+ containerPort: {{ .port }}
+ protocol: TCP
+ {{- end }}
{{- if .Values.admin.enabled }}
- name: admin
containerPort: {{ .Values.admin.port }}
diff --git a/charts/apisix/templates/configmap.yaml
b/charts/apisix/templates/configmap.yaml
index 0b0491a..df33828 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -46,7 +46,11 @@ data:
{{- else }}
apisix: # universal configurations
{{- if not (eq .Values.deployment.role "control_plane") }}
- node_listen: {{ .Values.gateway.http.containerPort }} # APISIX
listening port
+ node_listen: # APISIX listening port
+ - {{ .Values.gateway.http.containerPort }}
+ {{- with .Values.gateway.http.additionalContainerPorts }}
+ {{- toYaml . | nindent 8}}
+ {{- end }}
{{- end }}
enable_heartbeat: true
enable_admin: {{ .Values.admin.enabled }}
@@ -137,6 +141,9 @@ data:
listen:
- port: {{ .Values.gateway.tls.containerPort }}
enable_http2: {{ .Values.gateway.tls.http2.enabled }}
+ {{- with .Values.gateway.tls.additionalContainerPorts }}
+ {{- toYaml . | nindent 10}}
+ {{- end }}
ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
ssl_ciphers:
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-
[...]
{{- if and .Values.gateway.tls.enabled
.Values.gateway.tls.existingCASecret }}
diff --git a/charts/apisix/templates/service-gateway.yaml
b/charts/apisix/templates/service-gateway.yaml
index 5a8380a..0c3744a 100644
--- a/charts/apisix/templates/service-gateway.yaml
+++ b/charts/apisix/templates/service-gateway.yaml
@@ -57,6 +57,12 @@ spec:
{{- end }}
protocol: TCP
{{- end }}
+ {{- range .Values.gateway.http.additionalContainerPorts }}
+ - name: apisix-gateway-{{ .port | toString }}
+ port: {{ .port }}
+ targetPort: {{ .port }}
+ protocol: TCP
+ {{- end }}
{{- if or .Values.gateway.tls.enabled }}
- name: apisix-gateway-tls
port: {{ .Values.gateway.tls.servicePort }}
@@ -66,6 +72,11 @@ spec:
{{- end }}
protocol: TCP
{{- end }}
+ {{- range .Values.gateway.tls.additionalContainerPorts }}
+ - name: apisix-gateway-tls-{{ .port | toString }}
+ port: {{ .port }}
+ targetPort: {{ .port }}
+ {{- end }}
{{- if .Values.serviceMonitor.enabled }}
- name: prometheus
port: {{ .Values.serviceMonitor.containerPort }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index d193b65..5ad3f1f 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -233,11 +233,23 @@ gateway:
enabled: true
servicePort: 80
containerPort: 9080
+ # -- Support multiple http ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
+ additionalContainerPorts: []
+ # - port: 9081
+ # enable_http2: true # If not set, the default value is
`false`.
+ # - ip: 127.0.0.2 # Specific IP, If not set, the default
value is `0.0.0.0`.
+ # port: 9082
+ # enable_http2: true
# -- Apache APISIX service settings for tls
tls:
enabled: false
servicePort: 443
containerPort: 9443
+ # -- Support multiple https ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
+ additionalContainerPorts: []
+ # - ip: 127.0.0.3 # Specific IP, If not set, the default value
is `0.0.0.0`.
+ # port: 9445
+ # enable_http2: true
# -- Specifies the name of Secret contains trusted CA certificates in the
PEM format used to verify the certificate when APISIX needs to do SSL/TLS
handshaking with external services (e.g. etcd)
existingCASecret: ""
# -- Filename be used in the gateway.tls.existingCASecret
