Amber-Wish commented on issue #9123:
URL: https://github.com/apache/apisix/issues/9123#issuecomment-1477222968
```
global:
imagePullSecrets: []
apisix:
enabled: true
enableIPv6: true
enableServerTokens: true
setIDFromPodUID: false
customLuaSharedDicts: []
luaModuleHook:
enabled: false
luaPath: ""
hookPoint: ""
configMapRef:
name: ""
mounts:
- key: ""
path: ""
httpRouter: radixtree_uri
enableCustomizedConfig: false
customizedConfig: {}
image:
repository: apache/apisix
pullPolicy: IfNotPresent
tag: 3.2.0-debian
kind: Deployment
replicaCount: 1
priorityClassName: ""
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
podDisruptionBudget:
enabled: false
minAvailable: 90%
maxUnavailable: 1
resources: {}
hostNetwork: false
nodeSelector: {}
tolerations: []
affinity: {}
timezone: ""
extraEnvVars: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
create: false
annotations: {}
name: ""
rbac:
create: false
deployment:
mode: traditional
role: "traditional"
controlPlane:
confServerPort: "9280"
certsSecret: ""
cert: ""
certKey: ""
dataPlane:
controlPlane:
host: []
prefix: "/apisix"
timeout: 30
certs:
certsSecret: ""
cert: ""
cert_key: ""
mTLSCACertSecret: ""
mTLSCACert: ""
gateway:
type: NodePort
externalTrafficPolicy: Cluster
externalIPs: []
http:
enabled: true
servicePort: 80
containerPort: 9080
additionalContainerPorts: []
tls:
enabled: false
servicePort: 443
containerPort: 9443
additionalContainerPorts: []
existingCASecret: ""
certCAFilename: ""
http2:
enabled: true
sslProtocols: "TLSv1.2 TLSv1.3"
stream:
enabled: false
only: false
tcp: []
udp: []
ingress:
enabled: false
annotations: {}
hosts:
- host: apisix.local
paths: []
tls: []
labelsOverride: {}
admin:
enabled: true
type: ClusterIP
externalIPs: []
port: 9180
servicePort: 9180
cors: true
credentials:
admin: edd1c9f034335f136f87ad84b625c8f1
viewer: 4054f7cf07e344346cd3f287985e76a2
allow:
ipList:
- 127.0.0.1/24
ingress:
enabled: false
annotations:
{}
hosts:
- host: apisix-admin.local
paths:
- "/apisix"
tls: []
nginx:
workerRlimitNofile: "20480"
workerConnections: "10620"
workerProcesses: auto
enableCPUAffinity: true
envs: []
plugins:
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- file-logger
- grpc-transcode
- grpc-web
- hmac-auth
- http-logger
- ip-restriction
- ua-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- authz-casbin
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
- gzip
- real-ip
- ext-plugin-pre-req
- ext-plugin-post-req
- server-info
stream_plugins:
- mqtt-proxy
- ip-restriction
- limit-conn
pluginAttrs: {}
extPlugin:
enabled: false
cmd: ["/path/to/apisix-plugin-runner/runner", "run"]
wasmPlugins:
enabled: false
plugins: []
customPlugins:
enabled: true
luaPath: "/opts/custom_plugins/?.lua"
plugins:
- name: "prometheus"
attrs:
export_addr:
ip: 0.0.0.0
port: 9091
configMap:
name: "prometheus"
mounts:
- key: ""
path: ""
updateStrategy: {}
# type: RollingUpdate
extraVolumes: []
extraVolumeMounts: []
extraInitContainers: []
discovery:
# -- Enable or disable Apache APISIX integration service discovery
enabled: false
# -- Registry is the same to the one in APISIX
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L281),
# and refer to such file for more setting details. also refer to [this
documentation for integration service
discovery](https://apisix.apache.org/docs/apisix/discovery)
registry: {}
# Integration service discovery registry. E.g eureka\dns\nacos\consul_kv
# reference:
#
https://apisix.apache.org/docs/apisix/discovery/#configuration-for-eureka
#
https://apisix.apache.org/docs/apisix/discovery/dns/#service-discovery-via-dns
#
https://apisix.apache.org/docs/apisix/discovery/consul_kv/#configuration-for-consul-kv
#
https://apisix.apache.org/docs/apisix/discovery/nacos/#configuration-for-nacos
#
https://apisix.apache.org/docs/apisix/discovery/kubernetes/#configuration
#
# an eureka example:
# ```
# eureka:
# host:
# - "http://${username}:${password}@${eureka_host1}:${eureka_port1}";
# - "http://${username}:${password}@${eureka_host2}:${eureka_port2}";
# prefix: "/eureka/"
# fetch_interval: 30
# weight: 100
# timeout:
# connect: 2000
# send: 2000
# read: 5000
# ```
#
# the minimal Kubernetes example:
# ```
# kubernetes: {}
# ```
#
# The prerequisites for the above minimal Kubernetes example:
# 1. [Optional] Set `.serviceAccount.create` to `true` to create a
dedicated ServiceAccount.
# It is recommended to do so, otherwise the default ServiceAccount
"default" will be used.
# 2. [Required] Set `.rbac.create` to `true` to create and bind the
necessary RBAC resources.
# This grants the ServiceAccount in use to List-Watch Kubernetes
Endpoints resources.
# 3. [Required] Include the following environment variables in
`.nginx.envs` to pass them into
# nginx worker processes
(https://nginx.org/en/docs/ngx_core_module.html#env):
# - KUBERNETES_SERVICE_HOST
# - KUBERNETES_SERVICE_PORT
# This is for allowing the default `host` and `port` of
`.discovery.registry.kubernetes.service`.
# access log and error log configuration
logs:
# -- Enable access log or not, default true
enableAccessLog: true
# -- Access log path
accessLog: "/dev/stdout"
# -- Access log format
accessLogFormat: '$remote_addr - $remote_user [$time_local] $http_host
\"$request\" $status $body_bytes_sent $request_time \"$http_referer\"
\"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time
\"$upstream_scheme://$upstream_host$upstream_uri\"'
# -- Allows setting json or default characters escaping in variables
accessLogFormatEscape: default
# -- Error log path
errorLog: "/dev/stderr"
# -- Error log level
errorLogLevel: "warn"
dns:
resolvers:
- 127.0.0.1
- 172.20.0.10
- 114.114.114.114
- 223.5.5.5
- 1.1.1.1
- 8.8.8.8
validity: 30
timeout: 5
initContainer:
# -- Init container image
image: busybox
# -- Init container tag
tag: 1.28
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# -- Custom configuration snippet.
configurationSnippet:
main: |
httpStart: |
httpEnd: |
httpSrv: |
httpAdmin: |
stream: |
serviceMonitor:
# -- Enable or disable Apache APISIX serviceMonitor
enabled: true
# -- namespace where the serviceMonitor is deployed, by default, it is the
same as the namespace of the apisix
namespace: "apisix-system"
# -- name of the serviceMonitor, by default, it is the same as the apisix
fullname
name: ""
# -- interval at which metrics should be scraped
interval: 15s
# -- path of the metrics endpoint
path: /apisix/prometheus/metrics
# -- prefix of the metrics
metricPrefix: apisix_
# -- container port where the metrics are exposed
containerPort: 9091
# -- @param serviceMonitor.labels ServiceMonitor extra labels
labels: {}
# -- @param serviceMonitor.annotations ServiceMonitor annotations
annotations: {}
etcd:
# -- install etcd(v3) by default, set false if do not want to install
etcd(v3) together
enabled: true
# -- if etcd.enabled is false, use external etcd, support multiple
address, if your etcd cluster enables TLS, please use https scheme, e.g.
https://127.0.0.1:2379.
host:
# host or ip e.g. http://172.20.128.89:2379
- http://etcd.host:2379
# -- if etcd.enabled is false, username for external etcd. If etcd.enabled
is true, use etcd.auth.rbac.rootPassword instead.
user: ""
# -- if etcd.enabled is false, password for external etcd. If etcd.enabled
is true, use etcd.auth.rbac.rootPassword instead.
password: ""
# -- apisix configurations prefix
prefix: "/apisix"
# -- Set the timeout value in seconds for subsequent socket operations
from apisix to etcd cluster
timeout: 30
# -- if etcd.enabled is true, set more values of bitnami/etcd helm chart
auth:
rbac:
# -- No authentication by default. Switch to enable RBAC authentication
create: false
# -- root password for etcd. Requires etcd.auth.rbac.create to be true.
rootPassword: ""
tls:
# -- enable etcd client certificate
enabled: false
# -- name of the secret contains etcd client cert
existingSecret: ""
# -- etcd client cert filename using in etcd.auth.tls.existingSecret
certFilename: ""
# -- etcd client cert key filename using in
etcd.auth.tls.existingSecret
certKeyFilename: ""
# -- whether to verify the etcd endpoint certificate when setup a TLS
connection to etcd
verify: true
# -- specify the TLS Server Name Indication extension, the ETCD
endpoint hostname will be used when this setting is unset.
sni: ""
service:
port: 2379
replicaCount: 3
dashboard:
enabled: true
service:
type: NodePort
config:
conf:
etcd:
# -- Supports defining multiple etcd host addresses for an etcd
cluster
endpoints:
- apisix-etcd:2379
# -- apisix configurations prefix
prefix: "/apisix"
# -- Specifies etcd basic auth username if enable etcd auth
username: ~
# -- Specifies etcd basic auth password if enable etcd auth
password: ~
# -- Ingress controller configuration
ingress-controller:
enabled: true
config:
apisix:
serviceNamespace: apisix-system
adminAPIVersion: "v3"
vault:
# -- Enable or disable the vault integration
enabled: false
# -- The host address where the vault server is running.
host: ""
# -- HTTP timeout for each request.
timeout: 10
# -- The generated token from vault instance that can grant access to read
data from the vault.
token: ""
# -- Prefix allows you to better enforcement of policies.
prefix: ""
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
