This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/dev by this push:
new f2e21dc feat: re-struct apisix chart values (#547)
f2e21dc is described below
commit f2e21dc3d405fe2e48e299d0ff6d1c27f7906997
Author: Sarasa Kisaragi <[email protected]>
AuthorDate: Thu Jun 8 16:27:01 2023 +0800
feat: re-struct apisix chart values (#547)
---
charts/apisix/Chart.yaml | 2 +-
charts/apisix/README.md | 258 +++---
charts/apisix/templates/NOTES.txt | 14 +-
charts/apisix/templates/_helpers.tpl | 42 +-
charts/apisix/templates/_pod.tpl | 267 ------
charts/apisix/templates/configmap.yaml | 215 +++--
charts/apisix/templates/daemonset.yaml | 33 -
charts/apisix/templates/deployment.yaml | 286 ++++++-
charts/apisix/templates/etcd-secret.yaml | 10 +
charts/apisix/templates/hpa.yaml | 2 +-
charts/apisix/templates/ingress-admin.yaml | 22 +-
charts/apisix/templates/ingress.yaml | 22 +-
charts/apisix/templates/pdb.yaml | 8 +-
charts/apisix/templates/service-admin.yaml | 28 +-
charts/apisix/templates/service-control-plane.yaml | 8 +-
charts/apisix/templates/service-gateway.yaml | 50 +-
charts/apisix/templates/service-metrics.yaml | 6 +-
charts/apisix/templates/service-monitor.yaml | 20 +-
charts/apisix/values.yaml | 908 +++++++++++----------
19 files changed, 1113 insertions(+), 1088 deletions(-)
diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml
index d9665ed..e7e2225 100644
--- a/charts/apisix/Chart.yaml
+++ b/charts/apisix/Chart.yaml
@@ -31,7 +31,7 @@ type: application
# This is the chart version. This version number should be incremented each
time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.4.0
+version: 2.0.0
# This is the version number of the application being deployed. This version
number should be
# incremented each time you make changes to the application. Versions are not
expected to
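Review bot: The `version:` bump from 1.4.0 to 2.0.0 correctly marks a breaking release, but nothing next to it tells users what breaks. The README hunks in this commit move many keys (for example `admin.*` to `apisix.admin.*`, `gateway.tls.*` to `apisix.ssl.*`, `etcd.host` to `externalEtcd.host`), so please add an upgrade section that lists the old and new key for each move and link it from the release notes.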
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 08628ce..27f8c0c 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -40,34 +40,62 @@ The command removes all the Kubernetes components
associated with the chart and
| Key | Type | Default | Description |
|-----|------|---------|-------------|
-| admin.allow.ipList | list | `["127.0.0.1/24"]` | The client IP CIDR allowed
to access Apache APISIX Admin API service. |
-| admin.cors | bool | `true` | Admin API support CORS response headers |
-| admin.credentials | object |
`{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretName":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}`
| Admin API credentials |
-| admin.credentials.admin | string | `"edd1c9f034335f136f87ad84b625c8f1"` |
Apache APISIX admin API admin role credentials |
-| admin.credentials.secretName | string | `""` | The APISIX Helm chart
supports storing user credentials in a secret. The secret needs to contain two
keys, admin and viewer, with their respective values set. |
-| admin.credentials.viewer | string | `"4054f7cf07e344346cd3f287985e76a2"` |
Apache APISIX admin API viewer role credentials |
-| admin.enabled | bool | `true` | Enable Admin API |
-| admin.externalIPs | list | `[]` | IPs for which nodes in the cluster will
also accept traffic for the servic |
-| admin.ingress | object |
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix-admin.local","paths":["/apisix"]}],"tls":[]}`
| Using ingress access Apache APISIX admin service |
-| admin.ingress.annotations | object | `{}` | Ingress annotations |
-| admin.ip | string | `"0.0.0.0"` | which ip to listen on for Apache APISIX
admin API. Set to `"[::]"` when on IPv6 single stack |
-| admin.port | int | `9180` | which port to use for Apache APISIX admin API |
-| admin.servicePort | int | `9180` | Service port to use for Apache APISIX
admin API |
-| admin.type | string | `"ClusterIP"` | admin service type |
-| apisix.affinity | object | `{}` | Set affinity for Apache APISIX deploy |
-| apisix.customLuaSharedDicts | list | `[]` | Add custom
[lua_shared_dict](https://github.com/openresty/lua-nginx-module#toc88)
settings, click
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L27-L30)
to learn the format of a shared dict |
-| apisix.customizedConfig | object | `{}` | If apisix.enableCustomizedConfig
is true, full customized config.yaml. Please note that other settings about
APISIX config will be ignored |
-| apisix.enableCustomizedConfig | bool | `false` | Enable full customized
config.yaml |
+| affinity | object | `{}` | Set affinity for Apache APISIX deploy |
+| apisix.admin.allow.ipList | list | `["127.0.0.1/24"]` | The client IP CIDR
allowed to access Apache APISIX Admin API service. |
+| apisix.admin.cors | bool | `true` | Admin API support CORS response headers |
+| apisix.admin.credentials | object |
`{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretName":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}`
| Admin API credentials |
+| apisix.admin.credentials.admin | string |
`"edd1c9f034335f136f87ad84b625c8f1"` | Apache APISIX admin API admin role
credentials |
+| apisix.admin.credentials.secretName | string | `""` | The APISIX Helm chart
supports storing user credentials in a secret. The secret needs to contain two
keys, admin and viewer, with their respective values set. |
+| apisix.admin.credentials.viewer | string |
`"4054f7cf07e344346cd3f287985e76a2"` | Apache APISIX admin API viewer role
credentials |
+| apisix.admin.enabled | bool | `true` | Enable Admin API |
+| apisix.admin.externalIPs | list | `[]` | IPs for which nodes in the cluster
will also accept traffic for the servic |
+| apisix.admin.ingress | object |
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix-admin.local","paths":["/apisix"]}],"tls":[]}`
| Using ingress access Apache APISIX admin service |
+| apisix.admin.ingress.annotations | object | `{}` | Ingress annotations |
+| apisix.admin.ip | string | `"0.0.0.0"` | which ip to listen on for Apache
APISIX admin API. Set to `"[::]"` when on IPv6 single stack |
+| apisix.admin.port | int | `9180` | which port to use for Apache APISIX admin
API |
+| apisix.admin.servicePort | int | `9180` | Service port to use for Apache
APISIX admin API |
+| apisix.admin.type | string | `"ClusterIP"` | admin service type |
+| apisix.customPlugins | object |
`{"enabled":false,"luaPath":"/opts/custom_plugins/?.lua","plugins":[{"attrs":{},"configMap":{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"},"name":"plugin-name"}]}`
| customPlugins allows you to mount your own HTTP plugins. |
+| apisix.customPlugins.enabled | bool | `false` | Whether to configure some
custom plugins |
+| apisix.customPlugins.luaPath | string | `"/opts/custom_plugins/?.lua"` | the
lua_path that tells APISIX where it can find plugins, note the last ';' is
required. |
+| apisix.customPlugins.plugins[0] | object |
`{"attrs":{},"configMap":{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"},"name":"plugin-name"}`
| plugin name. |
+| apisix.customPlugins.plugins[0].attrs | object | `{}` | plugin attrs |
+| apisix.customPlugins.plugins[0].configMap | object |
`{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"}`
| plugin codes can be saved inside configmap object. |
+| apisix.customPlugins.plugins[0].configMap.mounts | list |
`[{"key":"the-file-name","path":"mount-path"}]` | since keys in configmap is
flat, mountPath allows to define the mount path, so that plugin codes can be
mounted hierarchically. |
+| apisix.customPlugins.plugins[0].configMap.name | string | `"configmap-name"`
| name of configmap. |
+| apisix.deployment.certs | object |
`{"cert":"","cert_key":"","certsSecret":"","mTLSCACert":"","mTLSCACertSecret":""}`
| certs used for certificates in decoupled mode |
+| apisix.deployment.certs.cert | string | `""` | cert name in certsSecret |
+| apisix.deployment.certs.cert_key | string | `""` | cert key in certsSecret |
+| apisix.deployment.certs.certsSecret | string | `""` | secret name used for
decoupled mode |
+| apisix.deployment.certs.mTLSCACert | string | `""` | mTLS CA cert filename
in mTLSCACertSecret |
+| apisix.deployment.certs.mTLSCACertSecret | string | `""` | trusted_ca_cert
name in certsSecret |
+| apisix.deployment.controlPlane | object |
`{"cert":"","certKey":"","certsSecret":"","confServerPort":"9280"}` | used for
control_plane deployment mode |
+| apisix.deployment.controlPlane.cert | string | `""` | conf Server CA cert
name in certsSecret |
+| apisix.deployment.controlPlane.certKey | string | `""` | conf Server cert
key name in certsSecret |
+| apisix.deployment.controlPlane.certsSecret | string | `""` | secret name
used by conf Server |
+| apisix.deployment.controlPlane.confServerPort | string | `"9280"` | conf
Server address |
+| apisix.deployment.dataPlane | object |
`{"controlPlane":{"host":[],"prefix":"/apisix","timeout":30}}` | used for
data_plane deployment mode |
+| apisix.deployment.dataPlane.controlPlane.host | list | `[]` | The hosts of
the control_plane used by the data_plane |
+| apisix.deployment.dataPlane.controlPlane.prefix | string | `"/apisix"` | The
prefix of the control_plane used by the data_plane |
+| apisix.deployment.dataPlane.controlPlane.timeout | int | `30` | Timeout when
the data plane connects to the control plane |
+| apisix.deployment.mode | string | `"traditional"` | Apache APISIX deployment
mode Optional: traditional, decoupled ref:
https://apisix.apache.org/docs/apisix/deployment-modes/ |
+| apisix.deployment.role | string | `"traditional"` | Deployment role
Optional: traditional, data_plane, control_plane ref:
https://apisix.apache.org/docs/apisix/deployment-modes/ |
+| apisix.discovery.enabled | bool | `false` | Enable or disable Apache APISIX
integration service discovery |
+| apisix.discovery.registry | object | `{}` | Registry is the same to the one
in APISIX
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L281),
and refer to such file for more setting details. also refer to [this
documentation for integration service
discovery](https://apisix.apache.org/docs/apisix/discovery) |
+| apisix.dns.resolvers[0] | string | `"127.0.0.1"` | |
+| apisix.dns.resolvers[1] | string | `"172.20.0.10"` | |
+| apisix.dns.resolvers[2] | string | `"114.114.114.114"` | |
+| apisix.dns.resolvers[3] | string | `"223.5.5.5"` | |
+| apisix.dns.resolvers[4] | string | `"1.1.1.1"` | |
+| apisix.dns.resolvers[5] | string | `"8.8.8.8"` | |
+| apisix.dns.timeout | int | `5` | |
+| apisix.dns.validity | int | `30` | |
| apisix.enableIPv6 | bool | `true` | Enable nginx IPv6 resolver |
| apisix.enableServerTokens | bool | `true` | Whether the APISIX version
number should be shown in Server header |
-| apisix.enabled | bool | `true` | Enable or disable Apache APISIX itself Set
it to false and ingress-controller.enabled=true will deploy only
ingress-controller |
-| apisix.extraEnvVars | list | `[]` | extraEnvVars An array to add extra env
vars e.g: extraEnvVars: - name: FOO value: "bar" - name: FOO2
valueFrom: secretKeyRef: name: SECRET_NAME key: KEY |
-| apisix.hostNetwork | bool | `false` | |
-| apisix.httpRouter | string | `"radixtree_host_uri"` | Defines how apisix
handles routing: - radixtree_uri: match route by uri(base on radixtree) -
radixtree_host_uri: match route by host + uri(base on radixtree) -
radixtree_uri_with_parameter: match route by uri with parameters |
-| apisix.image.pullPolicy | string | `"IfNotPresent"` | Apache APISIX image
pull policy |
-| apisix.image.repository | string | `"apache/apisix"` | Apache APISIX image
repository |
-| apisix.image.tag | string | `"3.3.0-debian"` | Apache APISIX image tag
Overrides the image tag whose default is the chart appVersion. |
-| apisix.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` |
+| apisix.extPlugin.cmd | list |
`["/path/to/apisix-plugin-runner/runner","run"]` | the command and its
arguements to run as a subprocess |
+| apisix.extPlugin.enabled | bool | `false` | Enable External Plugins. See
[external plugin](https://apisix.apache.org/docs/apisix/next/external-plugin/) |
+| apisix.fullCustomConfig.config | object | `{}` | If
apisix.fullCustomConfig.enabled is true, full customized config.yaml. Please
note that other settings about APISIX config will be ignored |
+| apisix.fullCustomConfig.enabled | bool | `false` | Enable full customized
config.yaml |
| apisix.luaModuleHook | object |
`{"configMapRef":{"mounts":[{"key":"","path":""}],"name":""},"enabled":false,"hookPoint":"","luaPath":""}`
| Whether to add a custom lua module |
| apisix.luaModuleHook.configMapRef | object |
`{"mounts":[{"key":"","path":""}],"name":""}` | configmap that stores the codes
|
| apisix.luaModuleHook.configMapRef.mounts[0] | object |
`{"key":"","path":""}` | Name of the ConfigMap key, for setting the mapping
relationship between ConfigMap key and the lua module code path. |
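Review bot: Moving `admin.credentials.*` and `admin.allow.ipList` under `apisix.admin.*` has no guard for values files that still use the old paths. Unless the chart validates its values, Helm accepts the stale top-level `admin:` block without error, and the release then runs with the defaults printed in this table: the fixed `edd1c9f034335f136f87ad84b625c8f1` admin key, `apisix.admin.enabled` set to `true`, and `apisix.admin.ip` set to `0.0.0.0`. Consider failing the render when a legacy top-level key such as `admin` or `deployment` is set, and point users at `apisix.admin.credentials.secretName` instead of shipping a static key as the default. Separately, the `apisix.customPlugins.luaPath` description says the last ';' is required while the default `/opts/custom_plugins/?.lua` has none; one of the two should be corrected.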
@@ -75,68 +103,54 @@ The command removes all the Kubernetes components
associated with the chart and
| apisix.luaModuleHook.configMapRef.name | string | `""` | Name of the
ConfigMap where the lua module codes store |
| apisix.luaModuleHook.hookPoint | string | `""` | the hook module which will
be used to inject third party code into APISIX use the lua require style like:
"module.say_hello" |
| apisix.luaModuleHook.luaPath | string | `""` | extend lua_package_path to
load third party code |
-| apisix.nodeSelector | object | `{}` | Node labels for Apache APISIX pod
assignment |
-| apisix.podAnnotations | object | `{}` | Annotations to add to each pod |
-| apisix.podDisruptionBudget | object |
`{"enabled":false,"maxUnavailable":1,"minAvailable":"90%"}` | See
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more
details |
-| apisix.podDisruptionBudget.enabled | bool | `false` | Enable or disable
podDisruptionBudget |
-| apisix.podDisruptionBudget.maxUnavailable | int | `1` | Set the
maxUnavailable of podDisruptionBudget |
-| apisix.podDisruptionBudget.minAvailable | string | `"90%"` | Set the
`minAvailable` of podDisruptionBudget. You can specify only one of
`maxUnavailable` and `minAvailable` in a single PodDisruptionBudget. See
[Specifying a Disruption Budget for your
Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget)
for more details |
-| apisix.podSecurityContext | object | `{}` | Set the securityContext for
Apache APISIX pods |
-| apisix.priorityClassName | string | `""` | Set
[priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)
for Apache APISIX pods |
-| apisix.replicaCount | int | `1` | kind is DaemonSet, replicaCount not become
effective |
-| apisix.resources | object | `{}` | Set pod resource requests & limits |
-| apisix.securityContext | object | `{}` | Set the securityContext for Apache
APISIX container |
+| apisix.nginx.configurationSnippet | object |
`{"httpAdmin":"","httpEnd":"","httpSrv":"","httpStart":"","main":"","stream":""}`
| Custom configuration snippet. |
+| apisix.nginx.customLuaSharedDicts | list | `[]` | Add custom
[lua_shared_dict](https://github.com/openresty/lua-nginx-module#toc88)
settings, click
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L27-L30)
to learn the format of a shared dict |
+| apisix.nginx.enableCPUAffinity | bool | `true` | |
+| apisix.nginx.envs | list | `[]` | |
+| apisix.nginx.logs.accessLog | string | `"/dev/stdout"` | Access log path |
+| apisix.nginx.logs.accessLogFormat | string | `"$remote_addr - $remote_user
[$time_local] $http_host \\\"$request\\\" $status $body_bytes_sent
$request_time \\\"$http_referer\\\" \\\"$http_user_agent\\\" $upstream_addr
$upstream_status $upstream_response_time
\\\"$upstream_scheme://$upstream_host$upstream_uri\\\""` | Access log format |
+| apisix.nginx.logs.accessLogFormatEscape | string | `"default"` | Allows
setting json or default characters escaping in variables |
+| apisix.nginx.logs.enableAccessLog | bool | `true` | Enable access log or
not, default true |
+| apisix.nginx.logs.errorLog | string | `"/dev/stderr"` | Error log path |
+| apisix.nginx.logs.errorLogLevel | string | `"warn"` | Error log level |
+| apisix.nginx.workerConnections | string | `"10620"` | |
+| apisix.nginx.workerProcesses | string | `"auto"` | |
+| apisix.nginx.workerRlimitNofile | string | `"20480"` | |
+| apisix.pluginAttrs | object | `{}` | Set APISIX plugin attributes, see
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L376)
for more details |
+| apisix.plugins | list | `[]` | Customize the list of APISIX plugins to
enable. By default, APISIX's default plugins are automatically used. See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
|
+| apisix.prometheus.containerPort | int | `9091` | container port where the
metrics are exposed |
+| apisix.prometheus.enabled | bool | `false` | |
+| apisix.prometheus.metricPrefix | string | `"apisix_"` | prefix of the
metrics |
+| apisix.prometheus.path | string | `"/apisix/prometheus/metrics"` | path of
the metrics endpoint |
+| apisix.router.http | string | `"radixtree_host_uri"` | Defines how apisix
handles routing: - radixtree_uri: match route by uri(base on radixtree) -
radixtree_host_uri: match route by host + uri(base on radixtree) -
radixtree_uri_with_parameter: match route by uri with parameters |
| apisix.setIDFromPodUID | bool | `false` | Use Pod metadata.uid as the APISIX
id. |
-| apisix.timezone | string | `""` | timezone is the timezone where apisix
uses. For example: "UTC" or "Asia/Shanghai" This value will be set on apisix
container's environment variable TZ. You may need to set the timezone to be
consistent with your local time zone, otherwise the apisix's logs may used to
retrieve event maybe in wrong timezone. |
-| apisix.tolerations | list | `[]` | List of node taints to tolerate |
+| apisix.ssl.additionalContainerPorts | list | `[]` | Support multiple https
ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
|
+| apisix.ssl.certCAFilename | string | `""` | Filename be used in the
apisix.ssl.existingCASecret |
+| apisix.ssl.containerPort | int | `9443` | |
+| apisix.ssl.enabled | bool | `false` | |
+| apisix.ssl.existingCASecret | string | `""` | Specifies the name of Secret
contains trusted CA certificates in the PEM format used to verify the
certificate when APISIX needs to do SSL/TLS handshaking with external services
(e.g. etcd) |
+| apisix.ssl.http2.enabled | bool | `true` | |
+| apisix.ssl.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols
allowed to use. |
+| apisix.stream_plugins | list | `[]` | Customize the list of APISIX
stream_plugins to enable. By default, APISIX's default stream_plugins are
automatically used. See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
|
+| apisix.vault.enabled | bool | `false` | Enable or disable the vault
integration |
+| apisix.vault.host | string | `""` | The host address where the vault server
is running. |
+| apisix.vault.prefix | string | `""` | Prefix allows you to better
enforcement of policies. |
+| apisix.vault.timeout | int | `10` | HTTP timeout for each request. |
+| apisix.vault.token | string | `""` | The generated token from vault instance
that can grant access to read data from the vault. |
+| apisix.wasm.enabled | bool | `false` | Enable Wasm Plugins. See [wasm
plugin](https://apisix.apache.org/docs/apisix/next/wasm/) |
+| apisix.wasm.plugins | list | `[]` | |
| autoscaling.enabled | bool | `false` | |
| autoscaling.maxReplicas | int | `100` | |
| autoscaling.minReplicas | int | `1` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| autoscaling.targetMemoryUtilizationPercentage | int | `80` | |
| autoscaling.version | string | `"v2"` | HPA version, the value is "v2" or
"v2beta1", default "v2" |
-| configurationSnippet | object |
`{"httpAdmin":"","httpEnd":"","httpSrv":"","httpStart":"","main":"","stream":""}`
| Custom configuration snippet. |
-| customPlugins | object |
`{"enabled":false,"luaPath":"/opts/custom_plugins/?.lua","plugins":[{"attrs":{},"configMap":{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"},"name":"plugin-name"}]}`
| customPlugins allows you to mount your own HTTP plugins. |
-| customPlugins.enabled | bool | `false` | Whether to configure some custom
plugins |
-| customPlugins.luaPath | string | `"/opts/custom_plugins/?.lua"` | the
lua_path that tells APISIX where it can find plugins, note the last ';' is
required. |
-| customPlugins.plugins[0] | object |
`{"attrs":{},"configMap":{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"},"name":"plugin-name"}`
| plugin name. |
-| customPlugins.plugins[0].attrs | object | `{}` | plugin attrs |
-| customPlugins.plugins[0].configMap | object |
`{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"}`
| plugin codes can be saved inside configmap object. |
-| customPlugins.plugins[0].configMap.mounts | list |
`[{"key":"the-file-name","path":"mount-path"}]` | since keys in configmap is
flat, mountPath allows to define the mount path, so that plugin codes can be
mounted hierarchically. |
-| customPlugins.plugins[0].configMap.name | string | `"configmap-name"` | name
of configmap. |
| dashboard.config.conf.etcd.endpoints | list | `["apisix-etcd:2379"]` |
Supports defining multiple etcd host addresses for an etcd cluster |
| dashboard.config.conf.etcd.password | string | `nil` | Specifies etcd basic
auth password if enable etcd auth |
| dashboard.config.conf.etcd.prefix | string | `"/apisix"` | apisix
configurations prefix |
| dashboard.config.conf.etcd.username | string | `nil` | Specifies etcd basic
auth username if enable etcd auth |
| dashboard.enabled | bool | `false` | |
-| deployment.certs | object |
`{"cert":"","cert_key":"","certsSecret":"","mTLSCACert":"","mTLSCACertSecret":""}`
| certs used for certificates in decoupled mode |
-| deployment.certs.cert | string | `""` | cert name in certsSecret |
-| deployment.certs.cert_key | string | `""` | cert key in certsSecret |
-| deployment.certs.certsSecret | string | `""` | secret name used for
decoupled mode |
-| deployment.certs.mTLSCACert | string | `""` | mTLS CA cert filename in
mTLSCACertSecret |
-| deployment.certs.mTLSCACertSecret | string | `""` | trusted_ca_cert name in
certsSecret |
-| deployment.controlPlane | object |
`{"cert":"","certKey":"","certsSecret":"","confServerPort":"9280"}` | used for
control_plane deployment mode |
-| deployment.controlPlane.cert | string | `""` | conf Server CA cert name in
certsSecret |
-| deployment.controlPlane.certKey | string | `""` | conf Server cert key name
in certsSecret |
-| deployment.controlPlane.certsSecret | string | `""` | secret name used by
conf Server |
-| deployment.controlPlane.confServerPort | string | `"9280"` | conf Server
address |
-| deployment.dataPlane | object |
`{"controlPlane":{"host":[],"prefix":"/apisix","timeout":30}}` | used for
data_plane deployment mode |
-| deployment.dataPlane.controlPlane.host | list | `[]` | The hosts of the
control_plane used by the data_plane |
-| deployment.dataPlane.controlPlane.prefix | string | `"/apisix"` | The prefix
of the control_plane used by the data_plane |
-| deployment.dataPlane.controlPlane.timeout | int | `30` | Timeout when the
data plane connects to the control plane |
-| deployment.mode | string | `"traditional"` | Apache APISIX deployment mode
Optional: traditional, decoupled ref:
https://apisix.apache.org/docs/apisix/deployment-modes/ |
-| deployment.role | string | `"traditional"` | Deployment role Optional:
traditional, data_plane, control_plane ref:
https://apisix.apache.org/docs/apisix/deployment-modes/ |
-| discovery.enabled | bool | `false` | Enable or disable Apache APISIX
integration service discovery |
-| discovery.registry | object | `{}` | Registry is the same to the one in
APISIX
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L281),
and refer to such file for more setting details. also refer to [this
documentation for integration service
discovery](https://apisix.apache.org/docs/apisix/discovery) |
-| dns.resolvers[0] | string | `"127.0.0.1"` | |
-| dns.resolvers[1] | string | `"172.20.0.10"` | |
-| dns.resolvers[2] | string | `"114.114.114.114"` | |
-| dns.resolvers[3] | string | `"223.5.5.5"` | |
-| dns.resolvers[4] | string | `"1.1.1.1"` | |
-| dns.resolvers[5] | string | `"8.8.8.8"` | |
-| dns.timeout | int | `5` | |
-| dns.validity | int | `30` | |
-| etcd | object |
`{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"enabled":true,"host":["http://etcd.host:2379"],"password":"","prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30,"user":""}`
| etcd configuration use the FQDN address or the IP of the etcd |
+| etcd | object |
`{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"enabled":true,"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30}`
| etcd configuration use the FQDN address or the IP of the etcd |
| etcd.auth | object |
`{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}}`
| if etcd.enabled is true, set more values of bitnami/etcd helm chart |
| etcd.auth.rbac.create | bool | `false` | No authentication by default.
Switch to enable RBAC authentication |
| etcd.auth.rbac.rootPassword | string | `""` | root password for etcd.
Requires etcd.auth.rbac.create to be true. |
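Review bot: `apisix.vault.token` is documented here as a plain string value with no Secret-based alternative, so the Vault token has to be supplied in values in clear text. The admin credentials rows already offer `secretName`; a matching option for the Vault token (the exact key name is up to the maintainers) would keep the token out of values files. Two smaller points in the same hunk: `apisix.stream_plugins` is snake_case while the surrounding keys are camelCase, and several new rows (`apisix.ssl.enabled`, `apisix.ssl.containerPort`, `apisix.prometheus.enabled`, `apisix.nginx.workerConnections`) have empty descriptions.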
@@ -147,69 +161,61 @@ The command removes all the Kubernetes components
associated with the chart and
| etcd.auth.tls.sni | string | `""` | specify the TLS Server Name Indication
extension, the ETCD endpoint hostname will be used when this setting is unset. |
| etcd.auth.tls.verify | bool | `true` | whether to verify the etcd endpoint
certificate when setup a TLS connection to etcd |
| etcd.enabled | bool | `true` | install etcd(v3) by default, set false if do
not want to install etcd(v3) together |
-| etcd.host | list | `["http://etcd.host:2379"]` | if etcd.enabled is false,
use external etcd, support multiple address, if your etcd cluster enables TLS,
please use https scheme, e.g. https://127.0.0.1:2379. |
-| etcd.password | string | `""` | if etcd.enabled is false, password for
external etcd. If etcd.enabled is true, use etcd.auth.rbac.rootPassword
instead. |
| etcd.prefix | string | `"/apisix"` | apisix configurations prefix |
| etcd.timeout | int | `30` | Set the timeout value in seconds for subsequent
socket operations from apisix to etcd cluster |
-| etcd.user | string | `""` | if etcd.enabled is false, username for external
etcd. If etcd.enabled is true, use etcd.auth.rbac.rootPassword instead. |
-| extPlugin.cmd | list | `["/path/to/apisix-plugin-runner/runner","run"]` |
the command and its arguements to run as a subprocess |
-| extPlugin.enabled | bool | `false` | Enable External Plugins. See [external
plugin](https://apisix.apache.org/docs/apisix/next/external-plugin/) |
+| externalEtcd | object |
`{"existingSecret":"","host":["http://etcd.host:2379"],"password":"","secretPasswordKey":"etcd-root-password","user":"root"}`
| external etcd configuration. If etcd.enabled is false, these configuration
will be used. |
+| externalEtcd.existingSecret | string | `""` | if externalEtcd.existingSecret
is the name of secret containing the external etcd password |
+| externalEtcd.host | list | `["http://etcd.host:2379"]` | if etcd.enabled is
false, use external etcd, support multiple address, if your etcd cluster
enables TLS, please use https scheme, e.g. https://127.0.0.1:2379. |
+| externalEtcd.password | string | `""` | if etcd.enabled is false and
externalEtcd.existingSecret is empty, externalEtcd.password is the passsword
for external etcd. |
+| externalEtcd.secretPasswordKey | string | `"etcd-root-password"` |
externalEtcd.secretPasswordKey Key inside the secret containing the external
etcd password |
+| externalEtcd.user | string | `"root"` | if etcd.enabled is false, user for
external etcd. Set empty to disable authentication |
+| extraEnvVars | list | `[]` | extraEnvVars An array to add extra env vars
e.g: extraEnvVars: - name: FOO value: "bar" - name: FOO2 valueFrom:
secretKeyRef: name: SECRET_NAME key: KEY |
| extraInitContainers | list | `[]` | Additional `initContainers`, See
[Kubernetes
initContainers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
for the detail. |
| extraVolumeMounts | list | `[]` | Additional `volume`, See [Kubernetes
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail. |
| extraVolumes | list | `[]` | Additional `volume`, See [Kubernetes
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail. |
| fullnameOverride | string | `""` | |
-| gateway.externalIPs | list | `[]` | |
-| gateway.externalTrafficPolicy | string | `"Cluster"` | |
-| gateway.http | object |
`{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"servicePort":80}`
| Apache APISIX service settings for http |
-| gateway.http.additionalContainerPorts | list | `[]` | Support multiple http
ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
|
-| gateway.ingress | object |
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix.local","paths":[]}],"tls":[]}`
| Using ingress access Apache APISIX service |
-| gateway.ingress.annotations | object | `{}` | Ingress annotations |
-| gateway.labelsOverride | object | `{}` | Override default labels assigned to
Apache APISIX gateway resources |
-| gateway.stream | object | `{"enabled":false,"only":false,"tcp":[],"udp":[]}`
| Apache APISIX service settings for stream. L4 proxy (TCP/UDP) |
-| gateway.tls | object |
`{"additionalContainerPorts":[],"certCAFilename":"","containerPort":9443,"enabled":false,"existingCASecret":"","http2":{"enabled":true},"servicePort":443,"sslProtocols":"TLSv1.2
TLSv1.3"}` | Apache APISIX service settings for tls |
-| gateway.tls.additionalContainerPorts | list | `[]` | Support multiple https
ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
|
-| gateway.tls.certCAFilename | string | `""` | Filename be used in the
gateway.tls.existingCASecret |
-| gateway.tls.existingCASecret | string | `""` | Specifies the name of Secret
contains trusted CA certificates in the PEM format used to verify the
certificate when APISIX needs to do SSL/TLS handshaking with external services
(e.g. etcd) |
-| gateway.tls.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols
allowed to use. |
-| gateway.type | string | `"NodePort"` | Apache APISIX service type for user
access itself |
| global.imagePullSecrets | list | `[]` | Global Docker registry secret names
as an array |
+| hostNetwork | bool | `false` | |
+| image.pullPolicy | string | `"IfNotPresent"` | Apache APISIX image pull
policy |
+| image.repository | string | `"apache/apisix"` | Apache APISIX image
repository |
+| image.tag | string | `"3.3.0-debian"` | Apache APISIX image tag Overrides
the image tag whose default is the chart appVersion. |
+| ingress | object |
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix.local","paths":[]}],"tls":[]}`
| Using ingress access Apache APISIX service |
| ingress-controller | object |
`{"config":{"apisix":{"adminAPIVersion":"v3"}},"enabled":false}` | Ingress
controller configuration |
+| ingress.annotations | object | `{}` | Ingress annotations |
| initContainer.image | string | `"busybox"` | Init container image |
| initContainer.tag | float | `1.28` | Init container tag |
-| logs.accessLog | string | `"/dev/stdout"` | Access log path |
-| logs.accessLogFormat | string | `"$remote_addr - $remote_user [$time_local]
$http_host \\\"$request\\\" $status $body_bytes_sent $request_time
\\\"$http_referer\\\" \\\"$http_user_agent\\\" $upstream_addr $upstream_status
$upstream_response_time
\\\"$upstream_scheme://$upstream_host$upstream_uri\\\""` | Access log format |
-| logs.accessLogFormatEscape | string | `"default"` | Allows setting json or
default characters escaping in variables |
-| logs.enableAccessLog | bool | `true` | Enable access log or not, default
true |
-| logs.errorLog | string | `"/dev/stderr"` | Error log path |
-| logs.errorLogLevel | string | `"warn"` | Error log level |
+| metrics | object |
`{"serviceMonitor":{"annotations":{},"enabled":false,"interval":"15s","labels":{},"name":"","namespace":""}}`
| Observability configuration. |
+| metrics.serviceMonitor.annotations | object | `{}` | @param
serviceMonitor.annotations ServiceMonitor annotations |
+| metrics.serviceMonitor.enabled | bool | `false` | Enable or disable Apache
APISIX serviceMonitor |
+| metrics.serviceMonitor.interval | string | `"15s"` | interval at which
metrics should be scraped |
+| metrics.serviceMonitor.labels | object | `{}` | @param serviceMonitor.labels
ServiceMonitor extra labels |
+| metrics.serviceMonitor.name | string | `""` | name of the serviceMonitor, by
default, it is the same as the apisix fullname |
+| metrics.serviceMonitor.namespace | string | `""` | namespace where the
serviceMonitor is deployed, by default, it is the same as the namespace of the
apisix |
| nameOverride | string | `""` | |
-| nginx.enableCPUAffinity | bool | `true` | |
-| nginx.envs | list | `[]` | |
-| nginx.workerConnections | string | `"10620"` | |
-| nginx.workerProcesses | string | `"auto"` | |
-| nginx.workerRlimitNofile | string | `"20480"` | |
-| pluginAttrs | object | `{}` | Set APISIX plugin attributes, see
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L376)
for more details |
-| plugins | list | `[]` | Customize the list of APISIX plugins to enable. By
default, APISIX's default plugins are automatically used. See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
|
+| nodeSelector | object | `{}` | Node labels for Apache APISIX pod assignment |
+| podAnnotations | object | `{}` | Annotations to add to each pod |
+| podDisruptionBudget | object |
`{"enabled":false,"maxUnavailable":1,"minAvailable":"90%"}` | See
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more
details |
+| podDisruptionBudget.enabled | bool | `false` | Enable or disable
podDisruptionBudget |
+| podDisruptionBudget.maxUnavailable | int | `1` | Set the maxUnavailable of
podDisruptionBudget |
+| podDisruptionBudget.minAvailable | string | `"90%"` | Set the `minAvailable`
of podDisruptionBudget. You can specify only one of `maxUnavailable` and
`minAvailable` in a single PodDisruptionBudget. See [Specifying a Disruption
Budget for your
Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget)
for more details |
+| podSecurityContext | object | `{}` | Set the securityContext for Apache
APISIX pods |
+| priorityClassName | string | `""` | Set
[priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)
for Apache APISIX pods |
| rbac.create | bool | `false` | |
+| replicaCount | int | `1` | if useDaemonSet is true or autoscaling.enabled is
true, replicaCount not become effective |
+| resources | object | `{}` | Set pod resource requests & limits |
+| securityContext | object | `{}` | Set the securityContext for Apache APISIX
container |
+| service.externalIPs | list | `[]` | |
+| service.externalTrafficPolicy | string | `"Cluster"` | |
+| service.http | object |
`{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"servicePort":80}`
| Apache APISIX service settings for http |
+| service.http.additionalContainerPorts | list | `[]` | Support multiple http
ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
|
+| service.labelsOverride | object | `{}` | Override default labels assigned to
Apache APISIX gateway resources |
+| service.stream | object | `{"enabled":false,"only":false,"tcp":[],"udp":[]}`
| Apache APISIX service settings for stream. L4 proxy (TCP/UDP) |
+| service.tls | object | `{"servicePort":443}` | Apache APISIX service
settings for tls |
+| service.type | string | `"NodePort"` | Apache APISIX service type for user
access itself |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `false` | |
| serviceAccount.name | string | `""` | |
-| serviceMonitor | object |
`{"annotations":{},"containerPort":9091,"enabled":false,"interval":"15s","labels":{},"metricPrefix":"apisix_","name":"","namespace":"","path":"/apisix/prometheus/metrics"}`
| Observability configuration. ref:
https://apisix.apache.org/docs/apisix/plugins/prometheus/ |
-| serviceMonitor.annotations | object | `{}` | @param
serviceMonitor.annotations ServiceMonitor annotations |
-| serviceMonitor.containerPort | int | `9091` | container port where the
metrics are exposed |
-| serviceMonitor.enabled | bool | `false` | Enable or disable Apache APISIX
serviceMonitor |
-| serviceMonitor.interval | string | `"15s"` | interval at which metrics
should be scraped |
-| serviceMonitor.labels | object | `{}` | @param serviceMonitor.labels
ServiceMonitor extra labels |
-| serviceMonitor.metricPrefix | string | `"apisix_"` | prefix of the metrics |
-| serviceMonitor.name | string | `""` | name of the serviceMonitor, by
default, it is the same as the apisix fullname |
-| serviceMonitor.namespace | string | `""` | namespace where the
serviceMonitor is deployed, by default, it is the same as the namespace of the
apisix |
-| serviceMonitor.path | string | `"/apisix/prometheus/metrics"` | path of the
metrics endpoint |
-| stream_plugins | list | `[]` | Customize the list of APISIX stream_plugins
to enable. By default, APISIX's default stream_plugins are automatically used.
See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
|
+| timezone | string | `""` | timezone is the timezone where apisix uses. For
example: "UTC" or "Asia/Shanghai" This value will be set on apisix container's
environment variable TZ. You may need to set the timezone to be consistent with
your local time zone, otherwise the apisix's logs may used to retrieve event
maybe in wrong timezone. |
+| tolerations | list | `[]` | List of node taints to tolerate |
| updateStrategy | object | `{}` | |
-| vault.enabled | bool | `false` | Enable or disable the vault integration |
-| vault.host | string | `""` | The host address where the vault server is
running. |
-| vault.prefix | string | `""` | Prefix allows you to better enforcement of
policies. |
-| vault.timeout | int | `10` | HTTP timeout for each request. |
-| vault.token | string | `""` | The generated token from vault instance that
can grant access to read data from the vault. |
-| wasmPlugins.enabled | bool | `false` | Enable Wasm Plugins. See [wasm
plugin](https://apisix.apache.org/docs/apisix/next/wasm/) |
-| wasmPlugins.plugins | list | `[]` | |
+| useDaemonSet | bool | `false` | set false to use `Deployment`, set true to
use `DaemonSet` |
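Review bot: Several added rows in this table ship with empty or stale descriptions: `hostNetwork`, `service.externalIPs` and `service.externalTrafficPolicy` have a blank description cell, and `metrics.serviceMonitor.annotations` / `metrics.serviceMonitor.labels` still read "@param serviceMonitor.annotations" / "@param serviceMonitor.labels" from the old key path. `hostNetwork` in particular deserves a sentence, since it places the pod on the node's network namespace. Because this is the 2.0.0 bump and keys move (`gateway.*` to `service.*` and `ingress.*`, `serviceMonitor.*` to `metrics.serviceMonitor.*`), please also add an old-key to new-key mapping to the README; a values file written for 1.4.0 will otherwise be accepted with its old keys silently ignored. The `replicaCount` and `timezone` descriptions need a grammar pass while you are here.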
diff --git a/charts/apisix/templates/NOTES.txt
b/charts/apisix/templates/NOTES.txt
index 6796d00..43d3bf3 100644
--- a/charts/apisix/templates/NOTES.txt
+++ b/charts/apisix/templates/NOTES.txt
@@ -1,20 +1,20 @@
1. Get the application URL by running these commands:
-{{- if .Values.gateway.ingress.enabled }}
-{{- range $host := .Values.gateway.ingress.hosts }}
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
- http{{ if $.Values.gateway.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
-{{- else if contains "NodePort" .Values.gateway.type }}
+{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o
jsonpath="{.spec.ports[0].nodePort}" services {{ include "apisix.fullname" .
}}-gateway)
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o
jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.gateway.type }}
+{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{
.Release.Namespace }} svc -w {{ include "apisix.fullname" . }}-gateway'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{
include "apisix.fullname" . }}-gateway --template "{{"{{ range (index
.status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.gateway.http.servicePort }}
-{{- else if contains "ClusterIP" .Values.gateway.type }}
+ echo http://$SERVICE_IP:{{ .Values.service.http.servicePort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l
"app.kubernetes.io/name={{ include "apisix.name" .
}},app.kubernetes.io/instance={{ .Release.Name }}" -o
jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
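Review bot: The ClusterIP branch still ends with `port-forward $POD_NAME 8080:80`, which forwards to port 80 on the pod, while the README in this same commit lists `service.http.containerPort` as 9080 and 80 only as `service.http.servicePort`. A pod port-forward needs the container port, so the printed command will not reach APISIX with default values. Since these lines are being touched for the rename anyway, consider `8080:{{ .Values.service.http.containerPort }}`, or forward to the `-gateway` service instead of the pod. The NodePort branch also prints an `http://` URL from `.spec.ports[0].nodePort`, which assumes the HTTP port is always first in the service spec.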
diff --git a/charts/apisix/templates/_helpers.tpl
b/charts/apisix/templates/_helpers.tpl
index 2198734..1b92060 100644
--- a/charts/apisix/templates/_helpers.tpl
+++ b/charts/apisix/templates/_helpers.tpl
@@ -47,8 +47,8 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
Selector labels
*/}}
{{- define "apisix.selectorLabels" -}}
-{{- if .Values.gateway.labelsOverride }}
-{{- tpl (.Values.gateway.labelsOverride | toYaml) . }}
+{{- if .Values.service.labelsOverride }}
+{{- tpl (.Values.service.labelsOverride | toYaml) . }}
{{- else }}
app.kubernetes.io/name: {{ include "apisix.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
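Review bot: After this rename, a release that set `gateway.labelsOverride` silently falls through to the `else` branch of `apisix.selectorLabels` and gets the default `app.kubernetes.io/name` / `app.kubernetes.io/instance` labels. These labels feed the workload selector, which Kubernetes treats as immutable on a Deployment, so the upgrade either fails or starts selecting a different set of pods. Please add an explicit `fail` when the old `.Values.gateway` key is present, or call this out in the upgrade notes. It is also worth asking whether `service.labelsOverride` is the right home for a value that the deleted `_pod.tpl` used for pod labels, not only for the Service.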
@@ -80,16 +80,16 @@ Usage:
{{- end -}}
{{- define "apisix.basePluginAttrs" -}}
-{{- if .Values.serviceMonitor.enabled }}
+{{- if .Values.apisix.prometheus.enabled }}
prometheus:
export_addr:
ip: 0.0.0.0
- port: {{ .Values.serviceMonitor.containerPort }}
- export_uri: {{ .Values.serviceMonitor.path }}
- metric_prefix: {{ .Values.serviceMonitor.metricPrefix }}
+ port: {{ .Values.apisix.prometheus.containerPort }}
+ export_uri: {{ .Values.apisix.prometheus.path }}
+ metric_prefix: {{ .Values.apisix.prometheus.metricPrefix }}
{{- end }}
-{{- if .Values.customPlugins.enabled }}
-{{- range $plugin := .Values.customPlugins.plugins }}
+{{- if .Values.apisix.customPlugins.enabled }}
+{{- range $plugin := .Values.apisix.customPlugins.plugins }}
{{- if $plugin.attrs }}
{{ $plugin.name }}: {{- $plugin.attrs | toYaml | nindent 2 }}
{{- end }}
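Review bot: In `apisix.basePluginAttrs`, `port`, `export_uri` and `metric_prefix` move to `apisix.prometheus.*`, but `export_addr.ip` stays hard-coded to `0.0.0.0`. With `hostNetwork` now a top-level option, that makes the metrics listener reachable on every node interface with no way to narrow it from values; please expose the bind address next to the other three settings. Two smaller points: the gate changed from `serviceMonitor.enabled` to `apisix.prometheus.enabled`, so anyone who only enabled the ServiceMonitor loses the exporter config unless the two are validated together, and `export_uri` / `metric_prefix` are rendered unquoted, so a value containing YAML-significant characters will break the `fromYaml` call in `apisix.pluginAttrs`.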
@@ -98,7 +98,7 @@ prometheus:
{{- end -}}
{{- define "apisix.pluginAttrs" -}}
-{{- merge .Values.pluginAttrs (include "apisix.basePluginAttrs" . | fromYaml)
| toYaml -}}
+{{- merge .Values.apisix.pluginAttrs (include "apisix.basePluginAttrs" . |
fromYaml) | toYaml -}}
{{- end -}}
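Review bot: `merge` gives precedence to its first argument and mutates it, so in `apisix.pluginAttrs` a user-supplied `prometheus` block under `apisix.pluginAttrs` overrides the chart-computed `export_addr`, while the container port elsewhere in the chart is still taken from `apisix.prometheus.containerPort`. That lets the listener and the declared port drift apart without any error. If the chart-computed values are meant to win, use `mergeOverwrite`; if user values are meant to win, say so in the README. Either way, wrap `.Values.apisix.pluginAttrs` in `deepCopy` so rendering this helper twice does not modify `.Values`.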
{{/*
@@ -111,3 +111,27 @@ Scheme to use while connecting etcd
{{- "http" }}
{{- end }}
{{- end }}
+
+{{/*
+Return the name of etcd password secret
+*/}}
+{{- define "apisix.etcd.secretName" -}}
+{{- if and .Values.etcd.enabled .Values.etcd.auth.rbac.create }}
+{{- template "common.names.fullname" .Subcharts.etcd }}
+{{- else if .Values.externalEtcd.existingSecret }}
+{{- print .Values.externalEtcd.existingSecret }}
+{{- else if .Values.externalEtcd.user }}
+{{- printf "etcd-%s" (include "apisix.fullname" .) | trunc 63 | trimSuffix "-"
}}
+{{- end }}
+{{- end -}}
+
+{{/*
+Return the password key name of etcd secret
+*/}}
+{{- define "apisix.etcd.secretPasswordKey" -}}
+{{- if .Values.etcd.enabled }}
+{{- print "etcd-root-password" }}
+{{- else }}
+{{- print .Values.externalEtcd.secretPasswordKey }}
+{{- end }}
+{{- end -}}
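Review bot: The two new helpers branch on different conditions, so they can return a name and a key that do not belong together. `apisix.etcd.secretName` takes the subchart secret only when `etcd.enabled` and `etcd.auth.rbac.create` are both true, whereas `apisix.etcd.secretPasswordKey` returns `etcd-root-password` whenever `etcd.enabled` is true. With the bundled etcd enabled, RBAC off and `externalEtcd.existingSecret` set, the result is the external secret's name paired with the bundled etcd's key. Please use the same condition in both, and note that `secretName` renders an empty string when no branch matches, so every caller has to guard on it before emitting a `secretKeyRef`. The first branch also depends on `.Subcharts`, which should be reflected in the chart's stated minimum Helm version.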
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
deleted file mode 100644
index 50f2732..0000000
--- a/charts/apisix/templates/_pod.tpl
+++ /dev/null
@@ -1,267 +0,0 @@
-{{- define "apisix.podTemplate" -}}
-metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml")
. | sha256sum }}
- {{- if .Values.apisix.podAnnotations }}
- {{- range $key, $value := $.Values.apisix.podAnnotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- labels:
- {{- include "apisix.selectorLabels" . | nindent 4 }}
-spec:
- {{- with .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- range $.Values.global.imagePullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
- serviceAccountName: {{ include "apisix.serviceAccountName" . }}
- {{- with .Values.apisix.podSecurityContext }}
- securityContext:
- {{- . | toYaml | nindent 4 }}
- {{- end }}
- {{- with .Values.apisix.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- {{- with .Values.apisix.securityContext }}
- securityContext:
- {{- . | toYaml | nindent 8 }}
- {{- end }}
- image: "{{ .Values.apisix.image.repository }}:{{ default
.Chart.AppVersion .Values.apisix.image.tag }}"
- imagePullPolicy: {{ .Values.apisix.image.pullPolicy }}
- env:
- {{- if .Values.apisix.timezone }}
- - name: TZ
- value: {{ .Values.apisix.timezone }}
- {{- end }}
- {{- if .Values.apisix.extraEnvVars }}
- {{- include "apisix.tplvalues.render" (dict "value"
.Values.apisix.extraEnvVars "context" $) | nindent 8 }}
- {{- end }}
-
- {{- if .Values.admin.credentials.secretName }}
- - name: APISIX_ADMIN_KEY
- valueFrom:
- secretKeyRef:
- name: {{ .Values.admin.credentials.secretName }}
- key: admin
- - name: APISIX_VIEWER_KEY
- valueFrom:
- secretKeyRef:
- name: {{ .Values.admin.credentials.secretName }}
- key: viewer
- {{- end }}
-
- ports:
- - name: http
- containerPort: {{ .Values.gateway.http.containerPort }}
- protocol: TCP
- {{- range .Values.gateway.http.additionalContainerPorts }}
- - name: http-{{ .port | toString }}
- containerPort: {{ .port }}
- protocol: TCP
- {{- end }}
- - name: tls
- containerPort: {{ .Values.gateway.tls.containerPort }}
- protocol: TCP
- {{- range .Values.gateway.tls.additionalContainerPorts }}
- - name: tls-{{ .port | toString }}
- containerPort: {{ .port }}
- protocol: TCP
- {{- end }}
- {{- if .Values.admin.enabled }}
- - name: admin
- containerPort: {{ .Values.admin.port }}
- protocol: TCP
- {{- end }}
- {{- if .Values.serviceMonitor.enabled }}
- - name: prometheus
- containerPort: {{ .Values.serviceMonitor.containerPort }}
- protocol: TCP
- {{- end }}
- {{- if and .Values.gateway.stream.enabled (or (gt (len
.Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0)) }}
- {{- with .Values.gateway.stream }}
- {{- if (gt (len .tcp) 0) }}
- {{- range $index, $port := .tcp }}
- - name: proxy-tcp-{{ $index | toString }}
- {{- if kindIs "map" $port }}
- containerPort: {{ splitList ":" ($port.addr | toString) | last }}
- {{- else }}
- containerPort: {{ $port }}
- {{- end }}
- protocol: TCP
- {{- end }}
- {{- end }}
- {{- if (gt (len .udp) 0) }}
- {{- range $index, $port := .udp }}
- - name: proxy-udp-{{ $index | toString }}
- containerPort: {{ $port }}
- protocol: UDP
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-
- {{- if ne .Values.deployment.role "control_plane" }}
- readinessProbe:
- failureThreshold: 6
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- tcpSocket:
- port: {{ .Values.gateway.http.containerPort }}
- timeoutSeconds: 1
- {{- end }}
- lifecycle:
- preStop:
- exec:
- command:
- - /bin/sh
- - -c
- - "sleep 30"
- volumeMounts:
- {{- if .Values.apisix.setIDFromPodUID }}
- - mountPath: /usr/local/apisix/conf/apisix.uid
- name: id
- subPath: apisix.uid
- {{- end }}
- - mountPath: /usr/local/apisix/conf/config.yaml
- name: apisix-config
- subPath: config.yaml
- {{- if and .Values.gateway.tls.enabled
.Values.gateway.tls.existingCASecret }}
- - mountPath: /usr/local/apisix/conf/ssl/{{
.Values.gateway.tls.certCAFilename }}
- name: ssl
- subPath: {{ .Values.gateway.tls.certCAFilename }}
- {{- end }}
-
- {{- if and (eq .Values.deployment.role "control_plane")
.Values.deployment.controlPlane.certsSecret }}
- - mountPath: /conf-server-ssl
- name: conf-server-ssl
- {{- end }}
-
- {{- if and (eq .Values.deployment.mode "decoupled")
.Values.deployment.certs.mTLSCACertSecret }}
- - mountPath: /conf-ca-ssl
- name: conf-ca-ssl
- {{- end }}
-
- {{- if and (eq .Values.deployment.mode "decoupled")
.Values.deployment.certs.certsSecret }}
- - mountPath: /conf-client-ssl
- name: conf-client-ssl
- {{- end }}
-
- {{- if .Values.etcd.auth.tls.enabled }}
- - mountPath: /etcd-ssl
- name: etcd-ssl
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- {{- range $mount := $plugin.configMap.mounts }}
- {{- if ne $plugin.configMap.name "" }}
- - mountPath: {{ $mount.path }}
- name: plugin-{{ $plugin.configMap.name }}
- subPath: {{ $mount.key }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- {{- range $mount := .Values.apisix.luaModuleHook.configMapRef.mounts }}
- - mountPath: {{ $mount.path }}
- name: lua-module-hook
- subPath: {{ $mount.key }}
- {{- end }}
- {{- end }}
- {{- if .Values.extraVolumeMounts }}
- {{- toYaml .Values.extraVolumeMounts | nindent 8 }}
- {{- end }}
- resources:
- {{- toYaml .Values.apisix.resources | nindent 8 }}
- {{- if .Values.apisix.hostNetwork }}
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
- {{- end }}
- hostNetwork: {{ .Values.apisix.hostNetwork }}
- initContainers:
- {{- if .Values.etcd.enabled }}
- - name: wait-etcd
- image: {{ .Values.initContainer.image }}:{{ .Values.initContainer.tag }}
- {{- if .Values.etcd.fullnameOverride }}
- command: ['sh', '-c', "until nc -z {{ .Values.etcd.fullnameOverride }}
{{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2;
done;"]
- {{ else }}
- command: ['sh', '-c', "until nc -z {{ .Release.Name }}-etcd.{{
.Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }} {{
.Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
- {{- end }}
- {{- end }}
- {{- if .Values.extraInitContainers }}
- {{- toYaml .Values.extraInitContainers | nindent 4 }}
- {{- end }}
- volumes:
- - configMap:
- name: {{ include "apisix.fullname" . }}
- name: apisix-config
- {{- if and .Values.gateway.tls.enabled
.Values.gateway.tls.existingCASecret }}
- - secret:
- secretName: {{ .Values.gateway.tls.existingCASecret | quote }}
- name: ssl
- {{- end }}
- {{- if .Values.etcd.auth.tls.enabled }}
- - secret:
- secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
- name: etcd-ssl
- {{- end }}
- {{- if and (eq .Values.deployment.role "control_plane")
.Values.deployment.controlPlane.certsSecret }}
- - secret:
- secretName: {{ .Values.deployment.controlPlane.certsSecret | quote }}
- name: conf-server-ssl
- {{- end }}
-
- {{- if and (eq .Values.deployment.mode "decoupled")
.Values.deployment.certs.mTLSCACertSecret }}
- - secret:
- secretName: {{ .Values.deployment.certs.mTLSCACertSecret | quote }}
- name: conf-ca-ssl
- {{- end }}
-
- {{- if and (eq .Values.deployment.mode "decoupled")
.Values.deployment.certs.certsSecret }}
- - secret:
- secretName: {{ .Values.deployment.certs.certsSecret | quote }}
- name: conf-client-ssl
- {{- end }}
- {{- if .Values.apisix.setIDFromPodUID }}
- - downwardAPI:
- items:
- - path: "apisix.uid"
- fieldRef:
- fieldPath: metadata.uid
- name: id
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- {{- if ne $plugin.configMap.name "" }}
- - name: plugin-{{ $plugin.configMap.name }}
- configMap:
- name: {{ $plugin.configMap.name }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- - name: lua-module-hook
- configMap:
- name: {{ .Values.apisix.luaModuleHook.configMapRef.name }}
- {{- end }}
- {{- if .Values.extraVolumes }}
- {{- toYaml .Values.extraVolumes | nindent 4 }}
- {{- end }}
- {{- with .Values.apisix.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- with .Values.apisix.affinity }}
- affinity:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- with .Values.apisix.tolerations }}
- tolerations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
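Review bot: The deleted template emitted `hostNetwork` twice when `apisix.hostNetwork` was true: once inside the `if` block together with `dnsPolicy: ClusterFirstWithHostNet`, then again unconditionally as `hostNetwork: {{ .Values.apisix.hostNetwork }}`. Please confirm the copy inlined into `deployment.yaml` keeps only one of them and now reads the top-level `hostNetwork` value. Since a deleted file cannot be diffed against its inlined replacement, it would help to state in the PR that the security-relevant pieces moved unchanged: the `APISIX_ADMIN_KEY` / `APISIX_VIEWER_KEY` `secretKeyRef` entries, the CA, etcd and mTLS secret mounts, and the pod and container `securityContext` blocks.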
diff --git a/charts/apisix/templates/configmap.yaml
b/charts/apisix/templates/configmap.yaml
index 26a669b..7d803cd 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -14,7 +14,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if .Values.apisix.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
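Review bot: This hunk drops the opening `{{- if .Values.apisix.enabled }}` guard, so the matching `{{- end }}` at the bottom of `configmap.yaml` has to go in the same commit or the template will fail to parse; it is outside the visible context here, please double-check. Removing the guard also means a release that had `apisix.enabled: false` now renders this ConfigMap, which belongs in the 2.0.0 upgrade notes.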
@@ -38,26 +37,26 @@ data:
# See the License for the specific language governing permissions and
# limitations under the License.
#
- {{- if .Values.apisix.enableCustomizedConfig }}
- {{- range $key, $value := .Values.apisix.customizedConfig }}
+ {{- if .Values.apisix.fullCustomConfig.enabled }}
+ {{- range $key, $value := .Values.apisix.fullCustomConfig.config }}
{{ $key }}:
{{- include "apisix.tplvalues.render" (dict "value" $value "context" $)
| nindent 6 }}
{{- end }}
{{- else }}
apisix: # universal configurations
- {{- if not (eq .Values.deployment.role "control_plane") }}
+ {{- if not (eq .Values.apisix.deployment.role "control_plane") }}
node_listen: # APISIX listening port
- - {{ .Values.gateway.http.containerPort }}
- {{- with .Values.gateway.http.additionalContainerPorts }}
+ - {{ .Values.service.http.containerPort }}
+ {{- with .Values.service.http.additionalContainerPorts }}
{{- toYaml . | nindent 8}}
{{- end }}
{{- end }}
enable_heartbeat: true
- enable_admin: {{ .Values.admin.enabled }}
- enable_admin_cors: {{ .Values.admin.cors }}
+ enable_admin: {{ .Values.apisix.admin.enabled }}
+ enable_admin_cors: {{ .Values.apisix.admin.cors }}
enable_debug: false
- {{- if or .Values.customPlugins.enabled
.Values.apisix.luaModuleHook.enabled }}
- extra_lua_path: {{ .Values.customPlugins.luaPath }};{{
.Values.apisix.luaModuleHook.luaPath }}
+ {{- if or .Values.apisix.customPlugins.enabled
.Values.apisix.luaModuleHook.enabled }}
+ extra_lua_path: {{ .Values.apisix.customPlugins.luaPath }};{{
.Values.apisix.luaModuleHook.luaPath }}
{{- end }}
{{- if .Values.apisix.luaModuleHook.enabled }}
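Review bot: `extra_lua_path` is emitted when either `apisix.customPlugins.enabled` or `apisix.luaModuleHook.enabled` is true, but it always concatenates both `luaPath` values, so enabling only the module hook still puts `apisix.customPlugins.luaPath` on the Lua search path (and the reverse). Since this line is being rewritten for the rename, build the value from the enabled entries only, so a disabled feature does not add a directory that code can be loaded from. The `fullCustomConfig` branch above replaces the whole rendered config, including `enable_admin`, `ssl` and `deployment`; the README entry for it should say that plainly.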
@@ -94,18 +93,18 @@ data:
# cache_levels: "1:2"
router:
- http: {{ .Values.apisix.httpRouter }} # radixtree_uri: match route by
uri(base on radixtree)
+ http: {{ .Values.apisix.router.http }} # radixtree_uri: match route
by uri(base on radixtree)
# radixtree_host_uri: match route by host
+ uri(base on radixtree)
# radixtree_uri_with_parameter: match
route by uri with parameters
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base
on radixtree)
- {{- if or (index .Values "ingress-controller" "enabled") (and
.Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt
(len .Values.gateway.stream.udp) 0))) }}
+ {{- if or (index .Values "ingress-controller" "enabled") (and
.Values.service.stream.enabled (or (gt (len .Values.service.stream.tcp) 0) (gt
(len .Values.service.stream.udp) 0))) }}
stream_proxy: # TCP/UDP proxy
- only: {{ .Values.gateway.stream.only }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len
.Values.gateway.stream.tcp) 0) }}
+ only: {{ .Values.service.stream.only }}
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len
.Values.service.stream.tcp) 0) }}
tcp: # TCP proxy port list
- {{- if gt (len .Values.gateway.stream.tcp) 0}}
- {{- range .Values.gateway.stream.tcp }}
+ {{- if gt (len .Values.service.stream.tcp) 0}}
+ {{- range .Values.service.stream.tcp }}
{{- if kindIs "map" . }}
- addr: {{ .addr }}
{{- if hasKey . "tls" }}
@@ -119,10 +118,10 @@ data:
- 9100
{{- end }}
{{- end }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len
.Values.gateway.stream.udp) 0) }}
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len
.Values.service.stream.udp) 0) }}
udp: # UDP proxy port list
- {{- if gt (len .Values.gateway.stream.udp) 0}}
- {{- range .Values.gateway.stream.udp }}
+ {{- if gt (len .Values.service.stream.udp) 0}}
+ {{- range .Values.service.stream.udp }}
- {{ . }}
{{- end }}
{{- else}}
@@ -131,45 +130,45 @@ data:
{{- end }}
{{- end }}
# dns_resolver:
- # {{- range $resolver := .Values.dns.resolvers }}
+ # {{- range $resolver := .Values.apisix.dns.resolvers }}
# - {{ $resolver }}
# {{- end }}
- dns_resolver_valid: {{.Values.dns.validity}}
- resolver_timeout: {{.Values.dns.timeout}}
+ dns_resolver_valid: {{.Values.apisix.dns.validity}}
+ resolver_timeout: {{.Values.apisix.dns.timeout}}
ssl:
- enable: {{ .Values.gateway.tls.enabled }}
+ enable: {{ .Values.apisix.ssl.enabled }}
listen:
- - port: {{ .Values.gateway.tls.containerPort }}
- enable_http2: {{ .Values.gateway.tls.http2.enabled }}
- {{- with .Values.gateway.tls.additionalContainerPorts }}
+ - port: {{ .Values.apisix.ssl.containerPort }}
+ enable_http2: {{ .Values.apisix.ssl.http2.enabled }}
+ {{- with .Values.apisix.ssl.additionalContainerPorts }}
{{- toYaml . | nindent 10}}
{{- end }}
- ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
+ ssl_protocols: {{ .Values.apisix.ssl.sslProtocols | quote }}
ssl_ciphers:
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-
[...]
- {{- if and .Values.gateway.tls.enabled
.Values.gateway.tls.existingCASecret }}
- ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{
.Values.gateway.tls.certCAFilename }}"
+ {{- if and .Values.apisix.ssl.enabled
.Values.apisix.ssl.existingCASecret }}
+ ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{
.Values.apisix.ssl.certCAFilename }}"
{{- end }}
nginx_config: # config for render the template to genarate nginx.conf
- error_log: "{{ .Values.logs.errorLog }}"
- error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
- worker_processes: "{{ .Values.nginx.workerProcesses }}"
- enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
- worker_rlimit_nofile: {{ default "20480"
.Values.nginx.workerRlimitNofile }} # the number of files a worker process can
open, should be larger than worker_connections
+ error_log: "{{ .Values.apisix.nginx.logs.errorLog }}"
+ error_log_level: "{{ .Values.apisix.nginx.logs.errorLogLevel }}" #
warn,error
+ worker_processes: "{{ .Values.apisix.nginx.workerProcesses }}"
+ enable_cpu_affinity: {{ and true .Values.apisix.nginx.enableCPUAffinity
}}
+ worker_rlimit_nofile: {{ default "20480"
.Values.apisix.nginx.workerRlimitNofile }} # the number of files a worker
process can open, should be larger than worker_connections
event:
- worker_connections: {{ default "10620" .Values.nginx.workerConnections
}}
- {{- with .Values.nginx.envs }}
+ worker_connections: {{ default "10620"
.Values.apisix.nginx.workerConnections }}
+ {{- with .Values.apisix.nginx.envs }}
envs:
{{- range $env := . }}
- {{ $env }}
{{- end }}
{{- end }}
http:
- enable_access_log: {{ .Values.logs.enableAccessLog }}
- {{- if .Values.logs.enableAccessLog }}
- access_log: "{{ .Values.logs.accessLog }}"
- access_log_format: '{{ .Values.logs.accessLogFormat }}'
- access_log_format_escape: {{ .Values.logs.accessLogFormatEscape }}
+ enable_access_log: {{ .Values.apisix.nginx.logs.enableAccessLog }}
+ {{- if .Values.apisix.nginx.logs.enableAccessLog }}
+ access_log: "{{ .Values.apisix.nginx.logs.accessLog }}"
+ access_log_format: '{{ .Values.apisix.nginx.logs.accessLogFormat }}'
+ access_log_format_escape: {{
.Values.apisix.nginx.logs.accessLogFormatEscape }}
{{- end }}
keepalive_timeout: 60s # timeout during which a keep-alive
client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request
header, then 408 (Request Time-out) error is returned to the client
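Review bot: `apisix.dns.resolvers` is only referenced inside the commented-out `# dns_resolver:` block, so the value is renamed here but still has no effect on the rendered config; either uncomment the block or drop the value from `values.yaml` and the README. In the `ssl:` block the protocol list is configurable through `apisix.ssl.sslProtocols`, but `ssl_ciphers` remains a hard-coded string that includes CBC and SHA-1 MAC suites next to the AEAD ones, so an operator cannot tighten it without switching to `fullCustomConfig`; a values key with the current string as its default would fix that. Also note the split this restructure leaves behind: the HTTP listener port comes from `service.http.containerPort` while the TLS listener port comes from `apisix.ssl.containerPort`.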
@@ -180,34 +179,34 @@ data:
real_ip_from: #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
- {{- if .Values.apisix.customLuaSharedDicts }}
+ {{- if .Values.apisix.nginx.customLuaSharedDicts }}
custom_lua_shared_dict: # add custom shared cache to nginx.conf
- {{- range $dict := .Values.apisix.customLuaSharedDicts }}
+ {{- range $dict := .Values.apisix.nginx.customLuaSharedDicts }}
{{ $dict.name }}: {{ $dict.size }}
{{- end }}
{{- end }}
- {{- if .Values.configurationSnippet.main }}
- main_configuration_snippet: {{- toYaml .Values.configurationSnippet.main
| indent 6 }}
+ {{- if .Values.apisix.nginx.configurationSnippet.main }}
+ main_configuration_snippet: {{- toYaml
.Values.apisix.nginx.configurationSnippet.main | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.httpStart }}
- http_configuration_snippet: {{- toYaml
.Values.configurationSnippet.httpStart | indent 6 }}
+ {{- if .Values.apisix.nginx.configurationSnippet.httpStart }}
+ http_configuration_snippet: {{- toYaml
.Values.apisix.nginx.configurationSnippet.httpStart | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.httpEnd }}
- http_end_configuration_snippet: {{- toYaml
.Values.configurationSnippet.httpEnd | indent 6 }}
+ {{- if .Values.apisix.nginx.configurationSnippet.httpEnd }}
+ http_end_configuration_snippet: {{- toYaml
.Values.apisix.nginx.configurationSnippet.httpEnd | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.httpSrv }}
- http_server_configuration_snippet: {{- toYaml
.Values.configurationSnippet.httpSrv | indent 6 }}
+ {{- if .Values.apisix.nginx.configurationSnippet.httpSrv }}
+ http_server_configuration_snippet: {{- toYaml
.Values.apisix.nginx.configurationSnippet.httpSrv | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.httpAdmin }}
- http_admin_configuration_snippet: {{ toYaml
.Values.configurationSnippet.httpAdmin | indent 6 }}
+ {{- if .Values.apisix.nginx.configurationSnippet.httpAdmin }}
+ http_admin_configuration_snippet: {{ toYaml
.Values.apisix.nginx.configurationSnippet.httpAdmin | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.stream }}
- stream_configuration_snippet: {{- toYaml
.Values.configurationSnippet.stream | indent 6 }}
+ {{- if .Values.apisix.nginx.configurationSnippet.stream }}
+ stream_configuration_snippet: {{- toYaml
.Values.apisix.nginx.configurationSnippet.stream | indent 6 }}
{{- end }}
- {{- if .Values.discovery.enabled }}
+ {{- if .Values.apisix.discovery.enabled }}
discovery:
- {{- range $key, $value := .Values.discovery.registry }}
+ {{- range $key, $value := .Values.apisix.discovery.registry }}
{{- if $value }}
{{ $key }}:
{{- include "apisix.tplvalues.render" (dict "value" $value "context"
$) | nindent 8 }}
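Review bot: Style point on the snippet block: `http_admin_configuration_snippet` uses `{{ toYaml ... }}` while the other five snippet keys use `{{- toYaml ... }}`. The difference is carried over from the old lines, but since every one of these lines is rewritten here it is the right moment to make them consistent. All six snippets are written verbatim into the generated nginx configuration, so the README rows for `apisix.nginx.configurationSnippet.*` should state that their content is not validated by the chart.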
@@ -217,82 +216,82 @@ data:
{{- end }}
{{- end }}
- {{- if .Values.vault.enabled }}
+ {{- if .Values.apisix.vault.enabled }}
vault:
- host: {{ .Values.vault.host }}
- timeout: {{ .Values.vault.timeout }}
- token: {{ .Values.vault.token }}
- prefix: {{ .Values.vault.prefix }}
+ host: {{ .Values.apisix.vault.host }}
+ timeout: {{ .Values.apisix.vault.timeout }}
+ token: {{ .Values.apisix.vault.token }}
+ prefix: {{ .Values.apisix.vault.prefix }}
{{- end }}
- {{- if .Values.plugins }}
+ {{- if .Values.apisix.plugins }}
plugins: # plugin list
- {{- range $plugin := .Values.plugins }}
+ {{- range $plugin := .Values.apisix.plugins }}
{{- if ne $plugin "" }}
- {{ $plugin }}
{{- end }}
{{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
+ {{- if .Values.apisix.customPlugins.enabled }}
+ {{- range $plugin := .Values.apisix.customPlugins.plugins }}
- {{ $plugin.name }}
{{- end }}
{{- end }}
{{- end }}
- {{- if .Values.stream_plugins }}
+ {{- if .Values.apisix.stream_plugins }}
stream_plugins:
- {{- range $plugin := .Values.stream_plugins }}
+ {{- range $plugin := .Values.apisix.stream_plugins }}
{{- if ne $plugin "" }}
- {{ $plugin }}
{{- end }}
{{- end }}
{{- end }}
- {{- if .Values.extPlugin.enabled }}
+ {{- if .Values.apisix.extPlugin.enabled }}
ext-plugin:
cmd:
- {{- range $arg := .Values.extPlugin.cmd }}
+ {{- range $arg := .Values.apisix.extPlugin.cmd }}
- {{ $arg }}
{{- end }}
{{- end }}
- {{- if or .Values.pluginAttrs .Values.customPlugins.enabled
.Values.serviceMonitor.enabled}}
+ {{- if or .Values.apisix.pluginAttrs .Values.apisix.customPlugins.enabled
.Values.apisix.prometheus.enabled}}
{{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
{{- if gt (len ($pluginAttrs | fromYaml)) 0 }}
plugin_attr: {{- $pluginAttrs | nindent 6 }}
{{- end }}
{{- end }}
- {{- if .Values.wasmPlugins.enabled }}
+ {{- if .Values.apisix.wasm.enabled }}
wasm:
plugins:
- {{- toYaml .Values.wasmPlugins.plugins | nindent 8 }}
+ {{- toYaml .Values.apisix.wasm.plugins | nindent 8 }}
{{- end }}
deployment:
- role: {{ .Values.deployment.role }}
- {{- if or (eq .Values.deployment.role "traditional") (eq
.Values.deployment.role "control_plane") }}
+ role: {{ .Values.apisix.deployment.role }}
+ {{- if or (eq .Values.apisix.deployment.role "traditional") (eq
.Values.apisix.deployment.role "control_plane") }}
- {{- if eq .Values.deployment.role "traditional" }}
+ {{- if eq .Values.apisix.deployment.role "traditional" }}
role_traditional:
config_provider: etcd
{{- end }}
- {{- if eq .Values.deployment.role "control_plane" }}
+ {{- if eq .Values.apisix.deployment.role "control_plane" }}
role_control_plane:
config_provider: etcd
conf_server:
- listen: 0.0.0.0:{{ .Values.deployment.controlPlane.confServerPort }}
- cert: "/conf-server-ssl/{{ .Values.deployment.controlPlane.cert }}"
- cert_key: "/conf-server-ssl/{{
.Values.deployment.controlPlane.certKey }}"
- {{- if .Values.deployment.certs.mTLSCACertSecret }}
- client_ca_cert: "/conf-ca-ssl/{{ .Values.deployment.certs.mTLSCACert
}}"
+ listen: 0.0.0.0:{{
.Values.apisix.deployment.controlPlane.confServerPort }}
+ cert: "/conf-server-ssl/{{
.Values.apisix.deployment.controlPlane.cert }}"
+ cert_key: "/conf-server-ssl/{{
.Values.apisix.deployment.controlPlane.certKey }}"
+ {{- if .Values.apisix.deployment.certs.mTLSCACertSecret }}
+ client_ca_cert: "/conf-ca-ssl/{{
.Values.apisix.deployment.certs.mTLSCACert }}"
{{- end }}
{{- end }}
admin:
allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- {{- if .Values.admin.allow.ipList }}
- {{- range $ips := .Values.admin.allow.ipList }}
+ {{- if .Values.apisix.admin.allow.ipList }}
+ {{- range $ips := .Values.apisix.admin.allow.ipList }}
- {{ $ips }}
{{- end }}
{{- else }}
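Review bot: `token: {{ .Values.apisix.vault.token }}` still renders the Vault token as plain text into the ConfigMap, and unquoted, while this same commit moves the etcd password to an environment variable sourced from a Secret. Suggest giving the Vault token the same treatment: source it from a Secret with `secretKeyRef` and reference it in config.yaml through an environment placeholder. At minimum pipe it through `quote`, so a token containing YAML-significant characters cannot change the rendered config.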
@@ -302,10 +301,10 @@ data:
- 0.0.0.0/0
{{- end}}
# - "::/64"
- {{- if .Values.admin.enabled }}
+ {{- if .Values.apisix.admin.enabled }}
admin_listen:
- ip: {{ .Values.admin.ip }}
- port: {{ .Values.admin.port }}
+ ip: {{ .Values.apisix.admin.ip }}
+ port: {{ .Values.apisix.admin.port }}
{{- end }}
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's
Admin API.
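Review bot: the context at the top of this hunk shows `0.0.0.0/0` as the `allow_admin` entry that appears to be emitted when `apisix.admin.allow.ipList` is empty, and `admin_listen` directly below binds to whatever `apisix.admin.ip` is set to. Since these values are being regrouped under `apisix.admin` in a major version bump anyway, this is a good moment to tighten the fallback (a loopback or cluster-internal CIDR) or to fail rendering when the list is empty, rather than carrying the allow-all default forward.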
@@ -314,22 +313,22 @@ data:
admin_key:
# admin: can everything for configuration data
- name: "admin"
- {{- if .Values.admin.credentials.secretName }}
+ {{- if .Values.apisix.admin.credentials.secretName }}
key: "{{"{{"}}APISIX_ADMIN_KEY{{"}}"}}"
{{- else }}
- key: {{ .Values.admin.credentials.admin }}
+ key: {{ .Values.apisix.admin.credentials.admin }}
{{- end }}
role: admin
# viewer: only can view configuration data
- name: "viewer"
- {{- if .Values.admin.credentials.secretName }}
+ {{- if .Values.apisix.admin.credentials.secretName }}
key: "{{"{{"}}APISIX_VIEWER_KEY{{"}}"}}"
{{- else }}
- key: {{ .Values.admin.credentials.viewer }}
+ key: {{ .Values.apisix.admin.credentials.viewer }}
{{- end }}
role: viewer
- {{- if not (eq .Values.deployment.role "data_plane") }}
+ {{- if not (eq .Values.apisix.deployment.role "data_plane") }}
etcd:
{{- if .Values.etcd.enabled }}
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
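Review bot: in both `{{- else }}` branches the key is written straight into the ConfigMap and unquoted (`key: {{ .Values.apisix.admin.credentials.admin }}`, and the same for `viewer`). A key that parses as a number or boolean, or that contains `:` or `#`, changes type or is truncated in the rendered YAML, so add `| quote`. Also consider always generating a Secret and using the `APISIX_ADMIN_KEY` / `APISIX_VIEWER_KEY` placeholders, as the etcd password now does, so the admin credential never lands in a ConfigMap.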
@@ -340,18 +339,18 @@ data:
{{- end}}
{{- else }}
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
- {{- range $value := .Values.etcd.host }}
+ {{- range $value := .Values.externalEtcd.host }}
- "{{ $value }}" # multiple etcd address
{{- end}}
{{- end }}
prefix: {{ .Values.etcd.prefix | quote }} # configuration prefix in
etcd
timeout: {{ .Values.etcd.timeout }} # 30 seconds
- {{- if and (not .Values.etcd.enabled) .Values.etcd.user }}
- user: {{ .Values.etcd.user | quote }}
- password: {{ .Values.etcd.password | quote }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.user }}
+ user: {{ .Values.externalEtcd.user | quote }}
+ password: "{{ print "${{ APISIX_ETCD_PASSWORD }}" }}"
{{- else if and .Values.etcd.enabled .Values.etcd.auth.rbac.create }}
user: "root"
- password: {{ .Values.etcd.auth.rbac.rootPassword | quote }}
+ password: "{{ print "${{APISIX_ETCD_PASSWORD}}" }}"
{{- end }}
{{- if .Values.etcd.auth.tls.enabled }}
tls:
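Review bot: the external-etcd branch now takes `host` and `user` from `.Values.externalEtcd`, but `prefix`, `timeout` and the `tls` condition below still read `.Values.etcd.*`, so an external cluster ends up configured from two different value trees. Either move those keys under `externalEtcd` as well or document that they are shared. Minor: the two placeholders are spelled differently (`${{ APISIX_ETCD_PASSWORD }}` and `${{APISIX_ETCD_PASSWORD}}`); pick one form.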
@@ -364,27 +363,25 @@ data:
{{- end }}
{{- end }}
- {{- if eq .Values.deployment.role "data_plane" }}
+ {{- if eq .Values.apisix.deployment.role "data_plane" }}
role_data_plane:
config_provider: control_plane
control_plane:
host:
- {{- range $.Values.deployment.dataPlane.controlPlane.host }}
+ {{- range $.Values.apisix.deployment.dataPlane.controlPlane.host }}
- {{ . | quote }}
{{- end }}
- prefix: {{ .Values.deployment.dataPlane.controlPlane.prefix }}
- timeout: {{ .Values.deployment.dataPlane.controlPlane.timeout }}
+ prefix: {{ .Values.apisix.deployment.dataPlane.controlPlane.prefix }}
+ timeout: {{ .Values.apisix.deployment.dataPlane.controlPlane.timeout
}}
{{- end }}
- {{- if eq .Values.deployment.mode "decoupled"}}
- {{- if .Values.deployment.certs.certsSecret }}
+ {{- if eq .Values.apisix.deployment.mode "decoupled"}}
+ {{- if .Values.apisix.deployment.certs.certsSecret }}
certs:
- cert: "/conf-client-ssl/{{ .Values.deployment.certs.cert }}"
- cert_key: "/conf-client-ssl/{{ .Values.deployment.certs.cert_key }}"
- {{- if .Values.deployment.certs.mTLSCACertSecret }}
- trusted_ca_cert: "/conf-ca-ssl/{{ .Values.deployment.certs.mTLSCACert
}}"
+ cert: "/conf-client-ssl/{{ .Values.apisix.deployment.certs.cert }}"
+ cert_key: "/conf-client-ssl/{{
.Values.apisix.deployment.certs.cert_key }}"
+ {{- if .Values.apisix.deployment.certs.mTLSCACertSecret }}
+ trusted_ca_cert: "/conf-ca-ssl/{{
.Values.apisix.deployment.certs.mTLSCACert }}"
{{- end }}
{{- end }}
{{- end }}
-
-{{- end }}
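Review bot: the restructured values mix naming styles for the same concept: the `certs` block reads `.Values.apisix.deployment.certs.cert_key`, while the control-plane block earlier in this file reads `.Values.apisix.deployment.controlPlane.certKey`. Since 2.0.0 is already a breaking rename, use camelCase `certKey` in both places. `prefix` under `control_plane` is also rendered unquoted, unlike the `host` entries just above it; it should go through `quote`.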
diff --git a/charts/apisix/templates/daemonset.yaml
b/charts/apisix/templates/daemonset.yaml
deleted file mode 100644
index b22a775..0000000
--- a/charts/apisix/templates/daemonset.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-{{- if and (.Values.apisix.enabled) (eq .Values.apisix.kind "DaemonSet") }}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ include "apisix.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "apisix.labels" . | nindent 4 }}
-spec:
- selector:
- matchLabels:
- {{- include "apisix.selectorLabels" . | nindent 6 }}
- {{- if .Values.updateStrategy }}
- updateStrategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
- {{- end }}
- template:
- {{- include "apisix.podTemplate" . | nindent 4 }}
-{{- end }}
diff --git a/charts/apisix/templates/deployment.yaml
b/charts/apisix/templates/deployment.yaml
index 8ce2fcb..1b6b843 100644
--- a/charts/apisix/templates/deployment.yaml
+++ b/charts/apisix/templates/deployment.yaml
@@ -13,24 +13,298 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if and (.Values.apisix.enabled) (eq .Values.apisix.kind "Deployment") }}
apiVersion: apps/v1
-kind: Deployment
+kind: {{ ternary "DaemonSet" "Deployment" .Values.useDaemonSet }}
metadata:
name: {{ include "apisix.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "apisix.labels" . | nindent 4 }}
spec:
-{{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.apisix.replicaCount }}
+{{- if and (not .Values.useDaemonSet) (not .Values.autoscaling.enabled) }}
+ replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "apisix.selectorLabels" . | nindent 6 }}
{{- if .Values.updateStrategy }}
+ {{- if (not .Values.useDaemonSet) }}
strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
+ {{- else }}
+ updateStrategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
{{- end }}
template:
- {{- include "apisix.podTemplate" . | nindent 4 }}
-{{- end }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath
"/configmap.yaml") . | sha256sum }}
+ {{- if .Values.podAnnotations }}
+ {{- range $key, $value := $.Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "apisix.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range $.Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: {{ include "apisix.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- . | toYaml | nindent 8 }}
+ {{- end }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- . | toYaml | nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion
.Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ {{- if .Values.timezone }}
+ - name: TZ
+ value: {{ .Values.timezone }}
+ {{- end }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "apisix.tplvalues.render" (dict "value"
.Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+
+ {{- if .Values.apisix.admin.credentials.secretName }}
+ - name: APISIX_ADMIN_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.apisix.admin.credentials.secretName }}
+ key: admin
+ - name: APISIX_VIEWER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.apisix.admin.credentials.secretName }}
+ key: viewer
+ {{- end }}
+
+ {{- if or (and .Values.etcd.enabled .Values.etcd.auth.rbac.create)
(and (not .Values.etcd.enabled) .Values.externalEtcd.user) }}
+ - name: APISIX_ETCD_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "apisix.etcd.secretName" . }}
+ key: {{ include "apisix.etcd.secretPasswordKey" . }}
+ {{- end }}
+
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.http.containerPort }}
+ protocol: TCP
+ {{- range .Values.service.http.additionalContainerPorts }}
+ - name: http-{{ .port | toString }}
+ containerPort: {{ .port }}
+ protocol: TCP
+ {{- end }}
+ - name: tls
+ containerPort: {{ .Values.apisix.ssl.containerPort }}
+ protocol: TCP
+ {{- range .Values.apisix.ssl.additionalContainerPorts }}
+ - name: tls-{{ .port | toString }}
+ containerPort: {{ .port }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.apisix.admin.enabled }}
+ - name: admin
+ containerPort: {{ .Values.apisix.admin.port }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.apisix.prometheus.enabled }}
+ - name: prometheus
+ containerPort: {{ .Values.apisix.prometheus.containerPort }}
+ protocol: TCP
+ {{- end }}
+ {{- if and .Values.service.stream.enabled (or (gt (len
.Values.service.stream.tcp) 0) (gt (len .Values.service.stream.udp) 0)) }}
+ {{- with .Values.service.stream }}
+ {{- if (gt (len .tcp) 0) }}
+ {{- range $index, $port := .tcp }}
+ - name: proxy-tcp-{{ $index | toString }}
+ {{- if kindIs "map" $port }}
+ containerPort: {{ splitList ":" ($port.addr | toString) | last }}
+ {{- else }}
+ containerPort: {{ $port }}
+ {{- end }}
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ {{- if (gt (len .udp) 0) }}
+ {{- range $index, $port := .udp }}
+ - name: proxy-udp-{{ $index | toString }}
+ containerPort: {{ $port }}
+ protocol: UDP
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+ {{- if ne .Values.apisix.deployment.role "control_plane" }}
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: {{ .Values.service.http.containerPort }}
+ timeoutSeconds: 1
+ {{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - "sleep 30"
+ volumeMounts:
+ {{- if .Values.apisix.setIDFromPodUID }}
+ - mountPath: /usr/local/apisix/conf/apisix.uid
+ name: id
+ subPath: apisix.uid
+ {{- end }}
+ - mountPath: /usr/local/apisix/conf/config.yaml
+ name: apisix-config
+ subPath: config.yaml
+ {{- if and .Values.apisix.ssl.enabled
.Values.apisix.ssl.existingCASecret }}
+ - mountPath: /usr/local/apisix/conf/ssl/{{
.Values.apisix.ssl.certCAFilename }}
+ name: ssl
+ subPath: {{ .Values.apisix.ssl.certCAFilename }}
+ {{- end }}
+
+ {{- if and (eq .Values.apisix.deployment.role "control_plane")
.Values.apisix.deployment.controlPlane.certsSecret }}
+ - mountPath: /conf-server-ssl
+ name: conf-server-ssl
+ {{- end }}
+
+ {{- if and (eq .Values.apisix.deployment.mode "decoupled")
.Values.apisix.deployment.certs.mTLSCACertSecret }}
+ - mountPath: /conf-ca-ssl
+ name: conf-ca-ssl
+ {{- end }}
+
+ {{- if and (eq .Values.apisix.deployment.mode "decoupled")
.Values.apisix.deployment.certs.certsSecret }}
+ - mountPath: /conf-client-ssl
+ name: conf-client-ssl
+ {{- end }}
+
+ {{- if .Values.etcd.auth.tls.enabled }}
+ - mountPath: /etcd-ssl
+ name: etcd-ssl
+ {{- end }}
+ {{- if .Values.apisix.customPlugins.enabled }}
+ {{- range $plugin := .Values.apisix.customPlugins.plugins }}
+ {{- range $mount := $plugin.configMap.mounts }}
+ {{- if ne $plugin.configMap.name "" }}
+ - mountPath: {{ $mount.path }}
+ name: plugin-{{ $plugin.configMap.name }}
+ subPath: {{ $mount.key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.apisix.luaModuleHook.enabled }}
+ {{- range $mount := .Values.apisix.luaModuleHook.configMapRef.mounts
}}
+ - mountPath: {{ $mount.path }}
+ name: lua-module-hook
+ subPath: {{ $mount.key }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- end }}
+ hostNetwork: {{ .Values.hostNetwork }}
+ initContainers:
+ {{- if .Values.etcd.enabled }}
+ - name: wait-etcd
+ image: {{ .Values.initContainer.image }}:{{
.Values.initContainer.tag }}
+ {{- if .Values.etcd.fullnameOverride }}
+ command: ['sh', '-c', "until nc -z {{ .Values.etcd.fullnameOverride
}} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2;
done;"]
+ {{ else }}
+ command: ['sh', '-c', "until nc -z {{ .Release.Name }}-etcd.{{
.Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }} {{
.Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraInitContainers }}
+ {{- toYaml .Values.extraInitContainers | nindent 8 }}
+ {{- end }}
+ volumes:
+ - configMap:
+ name: {{ include "apisix.fullname" . }}
+ name: apisix-config
+ {{- if and .Values.apisix.ssl.enabled
.Values.apisix.ssl.existingCASecret }}
+ - secret:
+ secretName: {{ .Values.apisix.ssl.existingCASecret | quote }}
+ name: ssl
+ {{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ - secret:
+ secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
+ name: etcd-ssl
+ {{- end }}
+ {{- if and (eq .Values.apisix.deployment.role "control_plane")
.Values.apisix.deployment.controlPlane.certsSecret }}
+ - secret:
+ secretName: {{ .Values.apisix.deployment.controlPlane.certsSecret
| quote }}
+ name: conf-server-ssl
+ {{- end }}
+
+ {{- if and (eq .Values.apisix.deployment.mode "decoupled")
.Values.apisix.deployment.certs.mTLSCACertSecret }}
+ - secret:
+ secretName: {{ .Values.apisix.deployment.certs.mTLSCACertSecret |
quote }}
+ name: conf-ca-ssl
+ {{- end }}
+
+ {{- if and (eq .Values.apisix.deployment.mode "decoupled")
.Values.apisix.deployment.certs.certsSecret }}
+ - secret:
+ secretName: {{ .Values.apisix.deployment.certs.certsSecret | quote
}}
+ name: conf-client-ssl
+ {{- end }}
+ {{- if .Values.apisix.setIDFromPodUID }}
+ - downwardAPI:
+ items:
+ - path: "apisix.uid"
+ fieldRef:
+ fieldPath: metadata.uid
+ name: id
+ {{- end }}
+ {{- if .Values.apisix.customPlugins.enabled }}
+ {{- range $plugin := .Values.apisix.customPlugins.plugins }}
+ {{- if ne $plugin.configMap.name "" }}
+ - name: plugin-{{ $plugin.configMap.name }}
+ configMap:
+ name: {{ $plugin.configMap.name }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.apisix.luaModuleHook.enabled }}
+ - name: lua-module-hook
+ configMap:
+ name: {{ .Values.apisix.luaModuleHook.configMapRef.name }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
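Review bot: `hostNetwork` is emitted twice in the pod spec. When `.Values.hostNetwork` is true, the `if` block writes `hostNetwork: true` together with `dnsPolicy`, and the next line writes `hostNetwork: {{ .Values.hostNetwork }}` unconditionally, which produces a duplicate key; drop the unconditional line. Also, `initContainers:` is written even when `etcd.enabled` is false and `extraInitContainers` is empty, leaving an empty key; wrap it in the same conditions as its children.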
diff --git a/charts/apisix/templates/etcd-secret.yaml
b/charts/apisix/templates/etcd-secret.yaml
new file mode 100644
index 0000000..ffc15d8
--- /dev/null
+++ b/charts/apisix/templates/etcd-secret.yaml
@@ -0,0 +1,10 @@
+{{- if and .Values.externalEtcd.user (and (not .Values.etcd.enabled) (not
.Values.externalEtcd.existingSecret)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "apisix.etcd.secretName" . }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ {{ .Values.externalEtcd.secretPasswordKey }}: {{
.Values.externalEtcd.password | b64enc | quote }}
+{{- end }}
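Review bot: the Secret's data key comes from `.Values.externalEtcd.secretPasswordKey` directly, whereas deployment.yaml looks the key up through `include "apisix.etcd.secretPasswordKey"`; use the helper here too so the two cannot drift apart. The template is also rendered whenever `externalEtcd.user` is set, with no check on `externalEtcd.password`, so an unset password is not caught; wrap the value in `required` so a missing password fails at render time.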
diff --git a/charts/apisix/templates/hpa.yaml b/charts/apisix/templates/hpa.yaml
index c994c88..db3acc5 100644
--- a/charts/apisix/templates/hpa.yaml
+++ b/charts/apisix/templates/hpa.yaml
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if and .Values.apisix.enabled .Values.autoscaling.enabled }}
+{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/{{ .Values.autoscaling.version }}
kind: HorizontalPodAutoscaler
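Review bot: with the `.Values.apisix.enabled` guard gone, the HPA is rendered whenever `autoscaling.enabled` is true, including when `useDaemonSet` is true. deployment.yaml already skips `replicas` for that case; the condition here should be `and .Values.autoscaling.enabled (not .Values.useDaemonSet)` so the chart does not create an autoscaler for a DaemonSet.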
diff --git a/charts/apisix/templates/ingress-admin.yaml
b/charts/apisix/templates/ingress-admin.yaml
index 8d5e3ff..45b8747 100644
--- a/charts/apisix/templates/ingress-admin.yaml
+++ b/charts/apisix/templates/ingress-admin.yaml
@@ -14,12 +14,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if (and .Values.admin.enabled .Values.admin.ingress.enabled) -}}
+{{- if (and .Values.apisix.admin.enabled .Values.apisix.admin.ingress.enabled)
-}}
{{- $fullName := include "apisix.fullname" . -}}
-{{- $svcPort := .Values.admin.servicePort -}}
-{{- if and .Values.admin.ingress.className (not (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .Values.admin.ingress.annotations
"kubernetes.io/ingress.class") }}
- {{- $_ := set .Values.admin.ingress.annotations
"kubernetes.io/ingress.class" .Values.admin.ingress.className}}
+{{- $svcPort := .Values.apisix.admin.servicePort -}}
+{{- if and .Values.apisix.admin.ingress.className (not (semverCompare
">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.apisix.admin.ingress.annotations
"kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.apisix.admin.ingress.annotations
"kubernetes.io/ingress.class" .Values.apisix.admin.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
@@ -34,17 +34,17 @@ metadata:
name: {{ $fullName }}-admin
labels:
{{- include "apisix.labels" . | nindent 4 }}
- {{- with .Values.admin.ingress.annotations }}
+ {{- with .Values.apisix.admin.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
- {{- if and .Values.admin.ingress.className (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.admin.ingress.className }}
+ {{- if and .Values.apisix.admin.ingress.className (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.apisix.admin.ingress.className }}
{{- end }}
- {{- if .Values.admin.ingress.tls }}
+ {{- if .Values.apisix.admin.ingress.tls }}
tls:
- {{- range .Values.admin.ingress.tls }}
+ {{- range .Values.apisix.admin.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
@@ -53,7 +53,7 @@ spec:
{{- end }}
{{- end }}
rules:
- {{- range .Values.admin.ingress.hosts }}
+ {{- range .Values.apisix.admin.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
diff --git a/charts/apisix/templates/ingress.yaml
b/charts/apisix/templates/ingress.yaml
index 7ab3347..75d52d4 100644
--- a/charts/apisix/templates/ingress.yaml
+++ b/charts/apisix/templates/ingress.yaml
@@ -14,12 +14,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if (and .Values.apisix.enabled .Values.gateway.ingress.enabled) -}}
+{{- if (.Values.ingress.enabled) -}}
{{- $fullName := include "apisix.fullname" . -}}
-{{- $svcPort := .Values.gateway.http.servicePort -}}
-{{- if and .Values.gateway.ingress.className (not (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .Values.gateway.ingress.annotations
"kubernetes.io/ingress.class") }}
- {{- $_ := set .Values.gateway.ingress.annotations
"kubernetes.io/ingress.class" .Values.gateway.ingress.className}}
+{{- $svcPort := .Values.service.http.servicePort -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations
"kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class"
.Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
@@ -34,17 +34,17 @@ metadata:
name: {{ $fullName }}
labels:
{{- include "apisix.labels" . | nindent 4 }}
- {{- with .Values.gateway.ingress.annotations }}
+ {{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
- {{- if and .Values.gateway.ingress.className (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.gateway.ingress.className }}
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0"
.Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
{{- end }}
- {{- if .Values.gateway.ingress.tls }}
+ {{- if .Values.ingress.tls }}
tls:
- {{- range .Values.gateway.ingress.tls }}
+ {{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
@@ -53,7 +53,7 @@ spec:
{{- end }}
{{- end }}
rules:
- {{- range .Values.gateway.ingress.hosts }}
+ {{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
diff --git a/charts/apisix/templates/pdb.yaml b/charts/apisix/templates/pdb.yaml
index e37239f..df8b796 100644
--- a/charts/apisix/templates/pdb.yaml
+++ b/charts/apisix/templates/pdb.yaml
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if (and .Values.apisix.enabled .Values.apisix.podDisruptionBudget.enabled)
}}
+{{- if (.Values.podDisruptionBudget.enabled) }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
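Review bot: while this template is being touched, note that `apiVersion: policy/v1beta1` is hard-coded; that PodDisruptionBudget API version is no longer served as of Kubernetes 1.25. Select `policy/v1` with a `.Capabilities` check, the way the ingress templates already switch on `semverCompare`.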
@@ -23,10 +23,10 @@ metadata:
labels:
{{- include "apisix.labels" . | nindent 4 }}
spec:
-{{- if .Values.apisix.podDisruptionBudget.minAvailable }}
- minAvailable: {{ .Values.apisix.podDisruptionBudget.minAvailable }}
+{{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- else }}
- maxUnavailable: {{ .Values.apisix.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
diff --git a/charts/apisix/templates/service-admin.yaml
b/charts/apisix/templates/service-admin.yaml
index 4a033d2..c776c6e 100644
--- a/charts/apisix/templates/service-admin.yaml
+++ b/charts/apisix/templates/service-admin.yaml
@@ -13,44 +13,44 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ if (and .Values.apisix.enabled .Values.admin.enabled) }}
+{{ if (.Values.apisix.admin.enabled) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "apisix.fullname" . }}-admin
namespace: {{ .Release.Namespace }}
annotations:
- {{- range $key, $value := .Values.admin.annotations }}
+ {{- range $key, $value := .Values.apisix.admin.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "apisix.labels" . | nindent 4 }}
app.kubernetes.io/service: apisix-admin
spec:
- type: {{ .Values.admin.type }}
- {{- if eq .Values.admin.type "LoadBalancer" }}
- {{- if .Values.admin.loadBalancerIP }}
- loadBalancerIP: {{ .Values.admin.loadBalancerIP }}
+ type: {{ .Values.apisix.admin.type }}
+ {{- if eq .Values.apisix.admin.type "LoadBalancer" }}
+ {{- if .Values.apisix.admin.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.apisix.admin.loadBalancerIP }}
{{- end }}
- {{- if .Values.admin.loadBalancerSourceRanges }}
+ {{- if .Values.apisix.admin.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
- {{- range $cidr := .Values.admin.loadBalancerSourceRanges }}
+ {{- range $cidr := .Values.apisix.admin.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{- end }}
- {{- if gt (len .Values.admin.externalIPs) 0 }}
+ {{- if gt (len .Values.apisix.admin.externalIPs) 0 }}
externalIPs:
- {{- range $ip := .Values.admin.externalIPs }}
+ {{- range $ip := .Values.apisix.admin.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
ports:
- name: apisix-admin
- port: {{ .Values.admin.servicePort }}
- targetPort: {{ .Values.admin.port }}
- {{- if (and (eq .Values.admin.type "NodePort") (not (empty
.Values.admin.nodePort))) }}
- nodePort: {{ .Values.admin.nodePort }}
+ port: {{ .Values.apisix.admin.servicePort }}
+ targetPort: {{ .Values.apisix.admin.port }}
+ {{- if (and (eq .Values.apisix.admin.type "NodePort") (not (empty
.Values.apisix.admin.nodePort))) }}
+ nodePort: {{ .Values.apisix.admin.nodePort }}
{{- end }}
protocol: TCP
selector:
diff --git a/charts/apisix/templates/service-control-plane.yaml
b/charts/apisix/templates/service-control-plane.yaml
index a532641..b61ffd4 100644
--- a/charts/apisix/templates/service-control-plane.yaml
+++ b/charts/apisix/templates/service-control-plane.yaml
@@ -13,14 +13,14 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if and (eq .Values.deployment.mode "decoupled") (eq
.Values.deployment.role "control_plane") }}
+{{- if and (eq .Values.apisix.deployment.mode "decoupled") (eq
.Values.apisix.deployment.role "control_plane") }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "apisix.fullname" . }}-control-plane
namespace: {{ .Release.Namespace }}
annotations:
- {{- range $key, $value := .Values.admin.annotations }}
+ {{- range $key, $value := .Values.apisix.admin.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
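Review bot: the control-plane Service takes its annotations from `.Values.apisix.admin.annotations`, so anything set for the admin Service is copied onto the conf-server Service as well. If that coupling is not intended, give the control plane its own annotations key under `apisix.deployment.controlPlane`.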
@@ -30,8 +30,8 @@ spec:
type: "ClusterIP"
ports:
- name: apisix-control-plane
- port: {{ .Values.deployment.controlPlane.confServerPort }}
- targetPort: {{ .Values.deployment.controlPlane.confServerPort }}
+ port: {{ .Values.apisix.deployment.controlPlane.confServerPort }}
+ targetPort: {{ .Values.apisix.deployment.controlPlane.confServerPort }}
protocol: TCP
selector:
{{- include "apisix.selectorLabels" . | nindent 4 }}
diff --git a/charts/apisix/templates/service-gateway.yaml
b/charts/apisix/templates/service-gateway.yaml
index 1d4aafa..7797435 100644
--- a/charts/apisix/templates/service-gateway.yaml
+++ b/charts/apisix/templates/service-gateway.yaml
@@ -14,71 +14,70 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if .Values.apisix.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "apisix.fullname" . }}-gateway
namespace: {{ .Release.Namespace }}
annotations:
- {{- range $key, $value := .Values.gateway.annotations }}
+ {{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
{{- include "apisix.labels" . | nindent 4 }}
app.kubernetes.io/service: apisix-gateway
spec:
- type: {{ .Values.gateway.type }}
- externalTrafficPolicy: {{ .Values.gateway.externalTrafficPolicy }}
- {{- if eq .Values.gateway.type "LoadBalancer" }}
- {{- if .Values.gateway.loadBalancerIP }}
- loadBalancerIP: {{ .Values.gateway.loadBalancerIP }}
+ type: {{ .Values.service.type }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
- {{- if .Values.gateway.loadBalancerSourceRanges }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
- {{- range $cidr := .Values.gateway.loadBalancerSourceRanges }}
+ {{- range $cidr := .Values.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{- end }}
- {{- if gt (len .Values.gateway.externalIPs) 0 }}
+ {{- if gt (len .Values.service.externalIPs) 0 }}
externalIPs:
- {{- range $ip := .Values.gateway.externalIPs }}
+ {{- range $ip := .Values.service.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
ports:
- {{- if .Values.gateway.http.enabled }}
+ {{- if .Values.service.http.enabled }}
- name: apisix-gateway
- port: {{ .Values.gateway.http.servicePort }}
- targetPort: {{ .Values.gateway.http.containerPort }}
- {{- if (and (eq .Values.gateway.type "NodePort") (not (empty
.Values.gateway.http.nodePort))) }}
- nodePort: {{ .Values.gateway.http.nodePort }}
+ port: {{ .Values.service.http.servicePort }}
+ targetPort: {{ .Values.service.http.containerPort }}
+ {{- if (and (eq .Values.service.type "NodePort") (not (empty
.Values.service.http.nodePort))) }}
+ nodePort: {{ .Values.service.http.nodePort }}
{{- end }}
protocol: TCP
{{- end }}
- {{- range .Values.gateway.http.additionalContainerPorts }}
+ {{- range .Values.service.http.additionalContainerPorts }}
- name: apisix-gateway-{{ .port | toString }}
port: {{ .port }}
targetPort: {{ .port }}
protocol: TCP
{{- end }}
- {{- if or .Values.gateway.tls.enabled }}
+ {{- if or .Values.apisix.ssl.enabled }}
- name: apisix-gateway-tls
- port: {{ .Values.gateway.tls.servicePort }}
- targetPort: {{ .Values.gateway.tls.containerPort }}
- {{- if (and (eq .Values.gateway.type "NodePort") (not (empty
.Values.gateway.tls.nodePort))) }}
- nodePort: {{ .Values.gateway.tls.nodePort }}
+ port: {{ .Values.service.tls.servicePort }}
+ targetPort: {{ .Values.apisix.ssl.containerPort }}
+ {{- if (and (eq .Values.service.type "NodePort") (not (empty
.Values.service.tls.nodePort))) }}
+ nodePort: {{ .Values.service.tls.nodePort }}
{{- end }}
protocol: TCP
{{- end }}
- {{- range .Values.gateway.tls.additionalContainerPorts }}
+ {{- range .Values.apisix.ssl.additionalContainerPorts }}
- name: apisix-gateway-tls-{{ .port | toString }}
port: {{ .port }}
targetPort: {{ .port }}
{{- end }}
- {{- if and .Values.gateway.stream.enabled (or (gt (len
.Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0)) }}
- {{- with .Values.gateway.stream }}
+ {{- if and .Values.service.stream.enabled (or (gt (len
.Values.service.stream.tcp) 0) (gt (len .Values.service.stream.udp) 0)) }}
+ {{- with .Values.service.stream }}
{{- if (gt (len .tcp) 0) }}
{{- range $index, $port := .tcp }}
- name: proxy-tcp-{{ $index | toString }}
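Review bot: the `apisix-gateway-tls` port entry is now assembled from two value trees: its condition and `targetPort` read `.Values.apisix.ssl.*`, while `port` and `nodePort` read `.Values.service.tls.*`. A user who keeps the old `gateway.tls.enabled: true` override gets a Service with no TLS port and no error. Consider a `fail` in the template (or a NOTES.txt warning) when `.Values.gateway` is set. While this line is being touched, `{{- if or .Values.apisix.ssl.enabled }}` can drop the single-argument `or`, and the `apisix-gateway-tls-{{ .port | toString }}` entries could state `protocol: TCP` explicitly like the other ports.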
@@ -105,4 +104,3 @@ spec:
{{- end }}
selector:
{{- include "apisix.selectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/charts/apisix/templates/service-metrics.yaml
b/charts/apisix/templates/service-metrics.yaml
index aa05713..6dad0e2 100644
--- a/charts/apisix/templates/service-metrics.yaml
+++ b/charts/apisix/templates/service-metrics.yaml
@@ -13,7 +13,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if .Values.serviceMonitor.enabled}}
+{{- if .Values.apisix.prometheus.enabled}}
apiVersion: v1
kind: Service
metadata:
@@ -26,8 +26,8 @@ spec:
type: ClusterIP
ports:
- name: prometheus
- port: {{ .Values.serviceMonitor.containerPort }}
- targetPort: {{ .Values.serviceMonitor.containerPort }}
+ port: {{ .Values.apisix.prometheus.containerPort }}
+ targetPort: {{ .Values.apisix.prometheus.containerPort }}
protocol: TCP
selector:
{{- include "apisix.selectorLabels" . | nindent 4 }}
diff --git a/charts/apisix/templates/service-monitor.yaml
b/charts/apisix/templates/service-monitor.yaml
index b35b0d4..1b4d146 100644
--- a/charts/apisix/templates/service-monitor.yaml
+++ b/charts/apisix/templates/service-monitor.yaml
@@ -14,24 +14,24 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- if .Values.serviceMonitor.enabled }}
+{{- if .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
- name: {{ .Values.serviceMonitor.name | default (include "apisix.fullname" .)
}}
- namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace
}}
+ name: {{ .Values.metrics.serviceMonitor.name | default (include
"apisix.fullname" .) }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace | default
.Release.Namespace }}
labels:
{{- include "apisix.labels" . | nindent 4 }}
- {{- if .Values.serviceMonitor.labels }}
- {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}
{{- end }}
- {{- if .Values.serviceMonitor.annotations }}
- annotations: {{- toYaml .Values.serviceMonitor.annotations | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.annotations }}
+ annotations: {{- toYaml .Values.metrics.serviceMonitor.annotations | nindent
4 }}
{{- end }}
spec:
namespaceSelector:
matchNames:
- - {{ .Values.serviceMonitor.namespace | default .Release.Namespace }}
+ - {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace
}}
selector:
matchLabels:
{{- include "apisix.labels" . | nindent 6 }}
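Review bot: the ServiceMonitor is gated on `.Values.metrics.serviceMonitor.enabled`, but the metrics Service it relies on (service-metrics.yaml in this same commit) is gated on `.Values.apisix.prometheus.enabled`. Enabling the first without the second renders a ServiceMonitor with no metrics Service behind it, and scraping fails without any error at install time. Gate this template on both values with `and`, or `fail` with a clear message when they disagree.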
@@ -39,6 +39,6 @@ spec:
endpoints:
- scheme: http
targetPort: prometheus
- path: {{ .Values.serviceMonitor.path }}
- interval: {{ .Values.serviceMonitor.interval }}
+ path: {{ .Values.apisix.prometheus.path }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index bec9c4b..af4930e 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -22,140 +22,123 @@ global:
# -- Global Docker registry secret names as an array
imagePullSecrets: []
-apisix:
- # -- Enable or disable Apache APISIX itself
- # Set it to false and ingress-controller.enabled=true will deploy only
ingress-controller
- enabled: true
+image:
+ # -- Apache APISIX image repository
+ repository: apache/apisix
+ # -- Apache APISIX image pull policy
+ pullPolicy: IfNotPresent
+ # -- Apache APISIX image tag
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: 3.3.0-debian
+
+# -- set false to use `Deployment`, set true to use `DaemonSet`
+useDaemonSet: false
+# -- if useDaemonSet is true or autoscaling.enabled is true, replicaCount not
become effective
+replicaCount: 1
+
+# -- Set
[priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)
for Apache APISIX pods
+priorityClassName: ""
+# -- Annotations to add to each pod
+podAnnotations: {}
+# -- Set the securityContext for Apache APISIX pods
+podSecurityContext: {}
+ # fsGroup: 2000
+# -- Set the securityContext for Apache APISIX container
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+# -- See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for
more details
+podDisruptionBudget:
+ # -- Enable or disable podDisruptionBudget
+ enabled: false
+ # -- Set the `minAvailable` of podDisruptionBudget. You can specify only one
of `maxUnavailable` and `minAvailable` in a single PodDisruptionBudget.
+ # See [Specifying a Disruption Budget for your
Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget)
+ # for more details
+ minAvailable: 90%
+ # -- Set the maxUnavailable of podDisruptionBudget
+ maxUnavailable: 1
+
+# -- Set pod resource requests & limits
+resources: {}
+ # -- Use the host's network namespace
+
+ # We usually recommend not to specify default resources and to leave this as
a conscious
+ # choice for the user. This also increases chances charts run on
environments with little
+ # resources, such as Minikube. If you do want to specify resources,
uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after
'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+hostNetwork: false
+
+# -- Node labels for Apache APISIX pod assignment
+nodeSelector: {}
+# -- List of node taints to tolerate
+tolerations: []
+# -- Set affinity for Apache APISIX deploy
+affinity: {}
+
+# -- timezone is the timezone where apisix uses.
+# For example: "UTC" or "Asia/Shanghai"
+# This value will be set on apisix container's environment variable TZ.
+# You may need to set the timezone to be consistent with your local time zone,
+# otherwise the apisix's logs may used to retrieve event maybe in wrong
timezone.
+timezone: ""
+
+# -- extraEnvVars An array to add extra env vars
+# e.g:
+# extraEnvVars:
+# - name: FOO
+# value: "bar"
+# - name: FOO2
+# valueFrom:
+# secretKeyRef:
+# name: SECRET_NAME
+# key: KEY
+extraEnvVars: []
- # -- Enable nginx IPv6 resolver
- enableIPv6: true
+updateStrategy: {}
+ # type: RollingUpdate
- # -- Whether the APISIX version number should be shown in Server header
- enableServerTokens: true
+# -- Additional `volume`, See [Kubernetes
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail.
+extraVolumes: []
+# - name: extras
+# emptyDir: {}
- # -- Use Pod metadata.uid as the APISIX id.
- setIDFromPodUID: false
+# -- Additional `volume`, See [Kubernetes
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail.
+extraVolumeMounts: []
+# - name: extras
+# mountPath: /usr/share/extras
+# readOnly: true
- # -- Add custom
[lua_shared_dict](https://github.com/openresty/lua-nginx-module#toc88) settings,
- # click
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L27-L30)
to learn the format of a shared dict
- customLuaSharedDicts: []
- # - name: foo
- # size: 10k
- # - name: bar
- # size: 1m
- # -- Whether to add a custom lua module
- luaModuleHook:
- enabled: false
- # -- extend lua_package_path to load third party code
- luaPath: ""
- # -- the hook module which will be used to inject third party code into
APISIX
- # use the lua require style like: "module.say_hello"
- hookPoint: ""
- # -- configmap that stores the codes
- configMapRef:
- # -- Name of the ConfigMap where the lua module codes store
- name: ""
- # mounts decides how to mount the codes to the container.
- mounts:
- # -- Name of the ConfigMap key, for setting the mapping relationship
between ConfigMap key and the lua module code path.
- - key: ""
- # -- Filepath of the plugin code, for setting the mapping relationship
between ConfigMap key and the lua module code path.
- path: ""
+# -- Additional `initContainers`, See [Kubernetes
initContainers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
for the detail.
+extraInitContainers: []
+# - name: init-myservice
+# image: busybox:1.28
+# command: ['sh', '-c', "until nslookup myservice.$(cat
/var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do
echo waiting for myservice; sleep 2; done"]
- # -- Defines how apisix handles routing:
- # - radixtree_uri: match route by uri(base on radixtree)
- # - radixtree_host_uri: match route by host + uri(base on radixtree)
- # - radixtree_uri_with_parameter: match route by uri with parameters
- httpRouter: radixtree_host_uri
-
- # -- Enable full customized config.yaml
- enableCustomizedConfig: false
- # -- If apisix.enableCustomizedConfig is true, full customized config.yaml.
- # Please note that other settings about APISIX config will be ignored
- customizedConfig: {}
-
- image:
- # -- Apache APISIX image repository
- repository: apache/apisix
- # -- Apache APISIX image pull policy
- pullPolicy: IfNotPresent
- # -- Apache APISIX image tag
- # Overrides the image tag whose default is the chart appVersion.
- tag: 3.3.0-debian
-
- # -- Use a `DaemonSet` or `Deployment`
- kind: Deployment
- # -- kind is DaemonSet, replicaCount not become effective
- replicaCount: 1
-
- # -- Set
[priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)
for Apache APISIX pods
- priorityClassName: ""
- # -- Annotations to add to each pod
- podAnnotations: {}
- # -- Set the securityContext for Apache APISIX pods
- podSecurityContext: {}
- # fsGroup: 2000
- # -- Set the securityContext for Apache APISIX container
- securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
- # -- See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for
more details
- podDisruptionBudget:
- # -- Enable or disable podDisruptionBudget
- enabled: false
- # -- Set the `minAvailable` of podDisruptionBudget. You can specify only
one of `maxUnavailable` and `minAvailable` in a single PodDisruptionBudget.
- # See [Specifying a Disruption Budget for your
Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget)
- # for more details
- minAvailable: 90%
- # -- Set the maxUnavailable of podDisruptionBudget
- maxUnavailable: 1
-
- # -- Set pod resource requests & limits
- resources: {}
- # -- Use the host's network namespace
-
- # We usually recommend not to specify default resources and to leave this
as a conscious
- # choice for the user. This also increases chances charts run on
environments with little
- # resources, such as Minikube. If you do want to specify resources,
uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after
'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
- hostNetwork: false
-
- # -- Node labels for Apache APISIX pod assignment
- nodeSelector: {}
- # -- List of node taints to tolerate
- tolerations: []
- # -- Set affinity for Apache APISIX deploy
- affinity: {}
-
- # -- timezone is the timezone where apisix uses.
- # For example: "UTC" or "Asia/Shanghai"
- # This value will be set on apisix container's environment variable TZ.
- # You may need to set the timezone to be consistent with your local time
zone,
- # otherwise the apisix's logs may used to retrieve event maybe in wrong
timezone.
- timezone: ""
-
- # -- extraEnvVars An array to add extra env vars
- # e.g:
- # extraEnvVars:
- # - name: FOO
- # value: "bar"
- # - name: FOO2
- # valueFrom:
- # secretKeyRef:
- # name: SECRET_NAME
- # key: KEY
- extraEnvVars: []
+initContainer:
+ # -- Init container image
+ image: busybox
+ # -- Init container tag
+ tag: 1.28
+
+autoscaling:
+ enabled: false
+ # -- HPA version, the value is "v2" or "v2beta1", default "v2"
+ version: v2
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ targetMemoryUtilizationPercentage: 80
nameOverride: ""
fullnameOverride: ""
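Review bot: `initContainer.tag: 1.28` is an unquoted YAML number, so a later bump to a tag such as 1.30 would be parsed as a float and rendered as `1.3`; quote it as `tag: "1.28"` while the block is being moved. In the same hunk the `# -- Use the host's network namespace` doc comment sits under `resources: {}` instead of directly above `hostNetwork: false`, and the `extraVolumeMounts` description still reads "Additional `volume`"; both were carried over unchanged and are cheap to fix in the move. The removed `apisix.enabled` switch, documented as the way to deploy only the ingress-controller, has no replacement here and deserves a line in the upgrade notes.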
@@ -168,55 +151,7 @@ serviceAccount:
rbac:
create: false
-deployment:
- # -- Apache APISIX deployment mode
- # Optional: traditional, decoupled
- #
- # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
- mode: traditional
-
- # -- Deployment role
- # Optional: traditional, data_plane, control_plane
- #
- # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
- role: "traditional"
-
- # -- used for control_plane deployment mode
- controlPlane:
- # -- conf Server address
- confServerPort: "9280"
- # -- secret name used by conf Server
- certsSecret: ""
- # -- conf Server CA cert name in certsSecret
- cert: ""
- # -- conf Server cert key name in certsSecret
- certKey: ""
-
- # -- used for data_plane deployment mode
- dataPlane:
- controlPlane:
- # -- The hosts of the control_plane used by the data_plane
- host: []
- # -- The prefix of the control_plane used by the data_plane
- prefix: "/apisix"
- # -- Timeout when the data plane connects to the control plane
- timeout: 30
-
- # -- certs used for certificates in decoupled mode
- certs:
- # -- secret name used for decoupled mode
- certsSecret: ""
- # -- cert name in certsSecret
- cert: ""
- # -- cert key in certsSecret
- cert_key: ""
-
- # -- trusted_ca_cert name in certsSecret
- mTLSCACertSecret: ""
- # -- mTLS CA cert filename in mTLSCACertSecret
- mTLSCACert: ""
-
-gateway:
+service:
# -- Apache APISIX service type for user access itself
type: NodePort
# -- Setting how the Service route external traffic
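Review bot: renaming the top-level `gateway:` block to `service:` means existing overrides such as `gateway.type: ClusterIP` are ignored without error, and the Service falls back to the default `type: NodePort`, which opens the port on every node. Add a template guard that fails when `.Values.gateway` is present, or document the key mapping in the 2.0.0 upgrade notes. The same applies to the `deployment:` block removed in this hunk, which reappears under `apisix.deployment`.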
@@ -242,39 +177,15 @@ gateway:
# enable_http2: true
# -- Apache APISIX service settings for tls
tls:
- enabled: false
servicePort: 443
- containerPort: 9443
- # -- Support multiple https ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
- additionalContainerPorts: []
- # - ip: 127.0.0.3 # Specific IP, If not set, the default value
is `0.0.0.0`.
- # port: 9445
- # enable_http2: true
- # -- Specifies the name of Secret contains trusted CA certificates in the
PEM format used to verify the certificate when APISIX needs to do SSL/TLS
handshaking with external services (e.g. etcd)
- existingCASecret: ""
- # -- Filename be used in the gateway.tls.existingCASecret
- certCAFilename: ""
- http2:
- enabled: true
- # -- TLS protocols allowed to use.
- sslProtocols: "TLSv1.2 TLSv1.3"
+ # nodePort: 4443
+
# -- Apache APISIX service settings for stream. L4 proxy (TCP/UDP)
stream:
enabled: false
only: false
tcp: []
udp: []
- # -- Using ingress access Apache APISIX service
- ingress:
- enabled: false
- # -- Ingress annotations
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- hosts:
- - host: apisix.local
- paths: []
- tls: []
# - secretName: apisix-tls
# hosts:
# - chart-example.local
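Review bot: with the `ingress:` block removed from under this key, the trailing context lines `# - secretName: apisix-tls`, `# hosts:` and `# - chart-example.local` are left dangling beneath `stream.udp: []`, where they read as a stream example. Move them under the new top-level `ingress.tls: []`, which currently has no example. Since `service.tls` now keeps only `servicePort` (and the commented `nodePort`), the `# -- Apache APISIX service settings for tls` comment should point readers to `apisix.ssl.enabled` and `apisix.ssl.containerPort`.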
@@ -283,259 +194,376 @@ gateway:
# labelsOverride:
# app.kubernetes.io/name: "{{ .Release.Name }}"
# app.kubernetes.io/instance: '{{ include "apisix.name" . }}'
-admin:
- # -- Enable Admin API
- enabled: true
- # -- admin service type
- type: ClusterIP
- # loadBalancerIP: a.b.c.d
- # loadBalancerSourceRanges:
- # - "143.231.0.0/16"
- # -- IPs for which nodes in the cluster will also accept traffic for the
servic
- externalIPs: []
- # -- which ip to listen on for Apache APISIX admin API. Set to `"[::]"` when
on IPv6 single stack
- ip: 0.0.0.0
- # -- which port to use for Apache APISIX admin API
- port: 9180
- # -- Service port to use for Apache APISIX admin API
- servicePort: 9180
- # -- Admin API support CORS response headers
- cors: true
- # -- Admin API credentials
- credentials:
- # -- Apache APISIX admin API admin role credentials
- admin: edd1c9f034335f136f87ad84b625c8f1
- # -- Apache APISIX admin API viewer role credentials
- viewer: 4054f7cf07e344346cd3f287985e76a2
-
- # -- The APISIX Helm chart supports storing user credentials in a secret.
- # The secret needs to contain two keys, admin and viewer, with their
respective values set.
- secretName: ""
-
- allow:
- # -- The client IP CIDR allowed to access Apache APISIX Admin API service.
- ipList:
- - 127.0.0.1/24
- # -- Using ingress access Apache APISIX admin service
- ingress:
- enabled: false
- # -- Ingress annotations
- annotations:
- {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- hosts:
- - host: apisix-admin.local
- paths:
- - "/apisix"
- tls: []
- # - secretName: apisix-tls
- # hosts:
- # - chart-example.local
-
-nginx:
- workerRlimitNofile: "20480"
- workerConnections: "10620"
- workerProcesses: auto
- enableCPUAffinity: true
- envs: []
-
-# -- Customize the list of APISIX plugins to enable. By default, APISIX's
default plugins are automatically used. See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
-plugins: []
-# -- Customize the list of APISIX stream_plugins to enable. By default,
APISIX's default stream_plugins are automatically used. See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
-stream_plugins: []
-
-# -- Set APISIX plugin attributes, see
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L376)
for more details
-pluginAttrs: {}
-
-extPlugin:
- # -- Enable External Plugins. See [external
plugin](https://apisix.apache.org/docs/apisix/next/external-plugin/)
- enabled: false
- # -- the command and its arguements to run as a subprocess
- cmd: ["/path/to/apisix-plugin-runner/runner", "run"]
-wasmPlugins:
- # -- Enable Wasm Plugins. See [wasm
plugin](https://apisix.apache.org/docs/apisix/next/wasm/)
+# -- Using ingress access Apache APISIX service
+ingress:
enabled: false
- plugins: []
+ # -- Ingress annotations
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: apisix.local
+ paths: []
+ tls: []
-# -- customPlugins allows you to mount your own HTTP plugins.
-customPlugins:
- # -- Whether to configure some custom plugins
- enabled: false
- # -- the lua_path that tells APISIX where it can find plugins,
- # note the last ';' is required.
- luaPath: "/opts/custom_plugins/?.lua"
- plugins:
- # -- plugin name.
- - name: "plugin-name"
- # -- plugin attrs
- attrs: {}
- # -- plugin codes can be saved inside configmap object.
- configMap:
- # -- name of configmap.
- name: "configmap-name"
- # -- since keys in configmap is flat, mountPath allows to define the
mount
- # path, so that plugin codes can be mounted hierarchically.
- mounts:
- - key: "the-file-name"
- path: "mount-path"
+# -- Observability configuration.
+metrics:
+ serviceMonitor:
+ # -- Enable or disable Apache APISIX serviceMonitor
+ enabled: false
+ # -- namespace where the serviceMonitor is deployed, by default, it is the
same as the namespace of the apisix
+ namespace: ""
+ # -- name of the serviceMonitor, by default, it is the same as the apisix
fullname
+ name: ""
+ # -- interval at which metrics should be scraped
+ interval: 15s
+ # -- @param serviceMonitor.labels ServiceMonitor extra labels
+ labels: {}
+ # -- @param serviceMonitor.annotations ServiceMonitor annotations
+ annotations: {}
-updateStrategy: {}
- # type: RollingUpdate
+apisix:
+ # -- Enable nginx IPv6 resolver
+ enableIPv6: true
-# -- Additional `volume`, See [Kubernetes
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail.
-extraVolumes: []
-# - name: extras
-# emptyDir: {}
+ # -- Whether the APISIX version number should be shown in Server header
+ enableServerTokens: true
-# -- Additional `volume`, See [Kubernetes
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail.
-extraVolumeMounts: []
-# - name: extras
-# mountPath: /usr/share/extras
-# readOnly: true
+ # -- Use Pod metadata.uid as the APISIX id.
+ setIDFromPodUID: false
-# -- Additional `initContainers`, See [Kubernetes
initContainers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
for the detail.
-extraInitContainers: []
-# - name: init-myservice
-# image: busybox:1.28
-# command: ['sh', '-c', "until nslookup myservice.$(cat
/var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do
echo waiting for myservice; sleep 2; done"]
+ # -- Whether to add a custom lua module
+ luaModuleHook:
+ enabled: false
+ # -- extend lua_package_path to load third party code
+ luaPath: ""
+ # -- the hook module which will be used to inject third party code into
APISIX
+ # use the lua require style like: "module.say_hello"
+ hookPoint: ""
+ # -- configmap that stores the codes
+ configMapRef:
+ # -- Name of the ConfigMap where the lua module codes store
+ name: ""
+ # mounts decides how to mount the codes to the container.
+ mounts:
+ # -- Name of the ConfigMap key, for setting the mapping relationship
between ConfigMap key and the lua module code path.
+ - key: ""
+ # -- Filepath of the plugin code, for setting the mapping relationship
between ConfigMap key and the lua module code path.
+ path: ""
-discovery:
- # -- Enable or disable Apache APISIX integration service discovery
- enabled: false
- # -- Registry is the same to the one in APISIX
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L281),
- # and refer to such file for more setting details. also refer to [this
documentation for integration service
discovery](https://apisix.apache.org/docs/apisix/discovery)
- registry: {}
- # Integration service discovery registry. E.g eureka\dns\nacos\consul_kv
- # reference:
- # https://apisix.apache.org/docs/apisix/discovery/#configuration-for-eureka
- #
https://apisix.apache.org/docs/apisix/discovery/dns/#service-discovery-via-dns
- #
https://apisix.apache.org/docs/apisix/discovery/consul_kv/#configuration-for-consul-kv
- #
https://apisix.apache.org/docs/apisix/discovery/nacos/#configuration-for-nacos
- # https://apisix.apache.org/docs/apisix/discovery/kubernetes/#configuration
- #
- # an eureka example:
- # ```
- # eureka:
- # host:
- # - "http://${username}:${password}@${eureka_host1}:${eureka_port1}"
- # - "http://${username}:${password}@${eureka_host2}:${eureka_port2}"
- # prefix: "/eureka/"
- # fetch_interval: 30
- # weight: 100
- # timeout:
- # connect: 2000
- # send: 2000
- # read: 5000
- # ```
- #
- # the minimal Kubernetes example:
- # ```
- # kubernetes: {}
- # ```
- #
- # The prerequisites for the above minimal Kubernetes example:
- # 1. [Optional] Set `.serviceAccount.create` to `true` to create a
dedicated ServiceAccount.
- # It is recommended to do so, otherwise the default ServiceAccount
"default" will be used.
- # 2. [Required] Set `.rbac.create` to `true` to create and bind the
necessary RBAC resources.
- # This grants the ServiceAccount in use to List-Watch Kubernetes
Endpoints resources.
- # 3. [Required] Include the following environment variables in
`.nginx.envs` to pass them into
- # nginx worker processes
(https://nginx.org/en/docs/ngx_core_module.html#env):
- # - KUBERNETES_SERVICE_HOST
- # - KUBERNETES_SERVICE_PORT
- # This is for allowing the default `host` and `port` of
`.discovery.registry.kubernetes.service`.
-
-# access log and error log configuration
-logs:
- # -- Enable access log or not, default true
- enableAccessLog: true
- # -- Access log path
- accessLog: "/dev/stdout"
- # -- Access log format
- accessLogFormat: '$remote_addr - $remote_user [$time_local] $http_host
\"$request\" $status $body_bytes_sent $request_time \"$http_referer\"
\"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time
\"$upstream_scheme://$upstream_host$upstream_uri\"'
- # -- Allows setting json or default characters escaping in variables
- accessLogFormatEscape: default
- # -- Error log path
- errorLog: "/dev/stderr"
- # -- Error log level
- errorLogLevel: "warn"
-
-dns:
- resolvers:
- - 127.0.0.1
- - 172.20.0.10
- - 114.114.114.114
- - 223.5.5.5
- - 1.1.1.1
- - 8.8.8.8
- validity: 30
- timeout: 5
+ ssl:
+ enabled: false
+ containerPort: 9443
+ # -- Support multiple https ports, See
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
+ additionalContainerPorts: []
+ # - ip: 127.0.0.3 # Specific IP, If not set, the default value
is `0.0.0.0`.
+ # port: 9445
+ # enable_http2: true
+ # -- Specifies the name of Secret contains trusted CA certificates in the
PEM format used to verify the certificate when APISIX needs to do SSL/TLS
handshaking with external services (e.g. etcd)
+ existingCASecret: ""
+ # -- Filename be used in the apisix.ssl.existingCASecret
+ certCAFilename: ""
+ http2:
+ enabled: true
+ # -- TLS protocols allowed to use.
+ sslProtocols: "TLSv1.2 TLSv1.3"
-initContainer:
- # -- Init container image
- image: busybox
- # -- Init container tag
- tag: 1.28
+ router:
+ # -- Defines how apisix handles routing:
+ # - radixtree_uri: match route by uri(base on radixtree)
+ # - radixtree_host_uri: match route by host + uri(base on radixtree)
+ # - radixtree_uri_with_parameter: match route by uri with parameters
+ http: radixtree_host_uri
-autoscaling:
- enabled: false
- # -- HPA version, the value is "v2" or "v2beta1", default "v2"
- version: v2
- minReplicas: 1
- maxReplicas: 100
- targetCPUUtilizationPercentage: 80
- targetMemoryUtilizationPercentage: 80
+ fullCustomConfig:
+ # -- Enable full customized config.yaml
+ enabled: false
+ # -- If apisix.fullCustomConfig.enabled is true, full customized
config.yaml.
+ # Please note that other settings about APISIX config will be ignored
+ config: {}
-# -- Custom configuration snippet.
-configurationSnippet:
- main: |
+ deployment:
+ # -- Apache APISIX deployment mode
+ # Optional: traditional, decoupled
+ #
+ # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
+ mode: traditional
- httpStart: |
+ # -- Deployment role
+ # Optional: traditional, data_plane, control_plane
+ #
+ # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
+ role: "traditional"
- httpEnd: |
+ # -- used for control_plane deployment mode
+ controlPlane:
+ # -- conf Server address
+ confServerPort: "9280"
+ # -- secret name used by conf Server
+ certsSecret: ""
+ # -- conf Server CA cert name in certsSecret
+ cert: ""
+ # -- conf Server cert key name in certsSecret
+ certKey: ""
+
+ # -- used for data_plane deployment mode
+ dataPlane:
+ controlPlane:
+ # -- The hosts of the control_plane used by the data_plane
+ host: []
+ # -- The prefix of the control_plane used by the data_plane
+ prefix: "/apisix"
+ # -- Timeout when the data plane connects to the control plane
+ timeout: 30
+
+ # -- certs used for certificates in decoupled mode
+ certs:
+ # -- secret name used for decoupled mode
+ certsSecret: ""
+ # -- cert name in certsSecret
+ cert: ""
+ # -- cert key in certsSecret
+ cert_key: ""
+
+ # -- trusted_ca_cert name in certsSecret
+ mTLSCACertSecret: ""
+ # -- mTLS CA cert filename in mTLSCACertSecret
+ mTLSCACert: ""
+
+ admin:
+ # -- Enable Admin API
+ enabled: true
+ # -- admin service type
+ type: ClusterIP
+ # loadBalancerIP: a.b.c.d
+ # loadBalancerSourceRanges:
+ # - "143.231.0.0/16"
+ # -- IPs for which nodes in the cluster will also accept traffic for the
servic
+ externalIPs: []
+ # -- which ip to listen on for Apache APISIX admin API. Set to `"[::]"`
when on IPv6 single stack
+ ip: 0.0.0.0
+ # -- which port to use for Apache APISIX admin API
+ port: 9180
+ # -- Service port to use for Apache APISIX admin API
+ servicePort: 9180
+ # -- Admin API support CORS response headers
+ cors: true
+ # -- Admin API credentials
+ credentials:
+ # -- Apache APISIX admin API admin role credentials
+ admin: edd1c9f034335f136f87ad84b625c8f1
+ # -- Apache APISIX admin API viewer role credentials
+ viewer: 4054f7cf07e344346cd3f287985e76a2
+
+ # -- The APISIX Helm chart supports storing user credentials in a secret.
+ # The secret needs to contain two keys, admin and viewer, with their
respective values set.
+ secretName: ""
+
+ allow:
+ # -- The client IP CIDR allowed to access Apache APISIX Admin API
service.
+ ipList:
+ - 127.0.0.1/24
+ # -- Using ingress access Apache APISIX admin service
+ ingress:
+ enabled: false
+ # -- Ingress annotations
+ annotations:
+ {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: apisix-admin.local
+ paths:
+ - "/apisix"
+ tls: []
+ # - secretName: apisix-tls
+ # hosts:
+ # - chart-example.local
+
+ nginx:
+ workerRlimitNofile: "20480"
+ workerConnections: "10620"
+ workerProcesses: auto
+ enableCPUAffinity: true
+ envs: []
+ # access log and error log configuration
+ logs:
+ # -- Enable access log or not, default true
+ enableAccessLog: true
+ # -- Access log path
+ accessLog: "/dev/stdout"
+ # -- Access log format
+ accessLogFormat: '$remote_addr - $remote_user [$time_local] $http_host
\"$request\" $status $body_bytes_sent $request_time \"$http_referer\"
\"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time
\"$upstream_scheme://$upstream_host$upstream_uri\"'
+ # -- Allows setting json or default characters escaping in variables
+ accessLogFormatEscape: default
+ # -- Error log path
+ errorLog: "/dev/stderr"
+ # -- Error log level
+ errorLogLevel: "warn"
+ # -- Custom configuration snippet.
+ configurationSnippet:
+ main: |
+
+ httpStart: |
+
+ httpEnd: |
+
+ httpSrv: |
+
+ httpAdmin: |
+
+ stream: |
+
+ # -- Add custom
[lua_shared_dict](https://github.com/openresty/lua-nginx-module#toc88) settings,
+ # click
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L27-L30)
to learn the format of a shared dict
+ customLuaSharedDicts: []
+ # - name: foo
+ # size: 10k
+ # - name: bar
+ # size: 1m
+
+ discovery:
+ # -- Enable or disable Apache APISIX integration service discovery
+ enabled: false
+ # -- Registry is the same to the one in APISIX
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L281),
+ # and refer to such file for more setting details. also refer to [this
documentation for integration service
discovery](https://apisix.apache.org/docs/apisix/discovery)
+ registry: {}
+ # Integration service discovery registry. E.g eureka\dns\nacos\consul_kv
+ # reference:
+ #
https://apisix.apache.org/docs/apisix/discovery/#configuration-for-eureka
+ #
https://apisix.apache.org/docs/apisix/discovery/dns/#service-discovery-via-dns
+ #
https://apisix.apache.org/docs/apisix/discovery/consul_kv/#configuration-for-consul-kv
+ #
https://apisix.apache.org/docs/apisix/discovery/nacos/#configuration-for-nacos
+ #
https://apisix.apache.org/docs/apisix/discovery/kubernetes/#configuration
+ #
+ # an eureka example:
+ # ```
+ # eureka:
+ # host:
+ # - "http://${username}:${password}@${eureka_host1}:${eureka_port1}"
+ # - "http://${username}:${password}@${eureka_host2}:${eureka_port2}"
+ # prefix: "/eureka/"
+ # fetch_interval: 30
+ # weight: 100
+ # timeout:
+ # connect: 2000
+ # send: 2000
+ # read: 5000
+ # ```
+ #
+ # the minimal Kubernetes example:
+ # ```
+ # kubernetes: {}
+ # ```
+ #
+ # The prerequisites for the above minimal Kubernetes example:
+ # 1. [Optional] Set `.serviceAccount.create` to `true` to create a
dedicated ServiceAccount.
+ # It is recommended to do so, otherwise the default ServiceAccount
"default" will be used.
+ # 2. [Required] Set `.rbac.create` to `true` to create and bind the
necessary RBAC resources.
+ # This grants the ServiceAccount in use to List-Watch Kubernetes
Endpoints resources.
+ # 3. [Required] Include the following environment variables in
`.nginx.envs` to pass them into
+ # nginx worker processes
(https://nginx.org/en/docs/ngx_core_module.html#env):
+ # - KUBERNETES_SERVICE_HOST
+ # - KUBERNETES_SERVICE_PORT
+ # This is for allowing the default `host` and `port` of
`.discovery.registry.kubernetes.service`.
+
+ dns:
+ resolvers:
+ - 127.0.0.1
+ - 172.20.0.10
+ - 114.114.114.114
+ - 223.5.5.5
+ - 1.1.1.1
+ - 8.8.8.8
+ validity: 30
+ timeout: 5
+
+ vault:
+ # -- Enable or disable the vault integration
+ enabled: false
+ # -- The host address where the vault server is running.
+ host: ""
+ # -- HTTP timeout for each request.
+ timeout: 10
+ # -- The generated token from vault instance that can grant access to read
data from the vault.
+ token: ""
+ # -- Prefix allows you to better enforcement of policies.
+ prefix: ""
+
+ prometheus:
+ # ref: https://apisix.apache.org/docs/apisix/plugins/prometheus/
+ enabled: false
+ # -- path of the metrics endpoint
+ path: /apisix/prometheus/metrics
+ # -- prefix of the metrics
+ metricPrefix: apisix_
+ # -- container port where the metrics are exposed
+ containerPort: 9091
+
+ # -- Customize the list of APISIX plugins to enable. By default, APISIX's
default plugins are automatically used. See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
+ plugins: []
+ # -- Customize the list of APISIX stream_plugins to enable. By default,
APISIX's default stream_plugins are automatically used. See
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml)
+ stream_plugins: []
- httpSrv: |
+ # -- Set APISIX plugin attributes, see
[config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L376)
for more details
+ pluginAttrs: {}
- httpAdmin: |
+ extPlugin:
+ # -- Enable External Plugins. See [external
plugin](https://apisix.apache.org/docs/apisix/next/external-plugin/)
+ enabled: false
+ # -- the command and its arguements to run as a subprocess
+ cmd: ["/path/to/apisix-plugin-runner/runner", "run"]
- stream: |
+ wasm:
+ # -- Enable Wasm Plugins. See [wasm
plugin](https://apisix.apache.org/docs/apisix/next/wasm/)
+ enabled: false
+ plugins: []
-# -- Observability configuration.
-# ref: https://apisix.apache.org/docs/apisix/plugins/prometheus/
-serviceMonitor:
- # -- Enable or disable Apache APISIX serviceMonitor
- enabled: false
- # -- namespace where the serviceMonitor is deployed, by default, it is the
same as the namespace of the apisix
- namespace: ""
- # -- name of the serviceMonitor, by default, it is the same as the apisix
fullname
- name: ""
- # -- interval at which metrics should be scraped
- interval: 15s
- # -- path of the metrics endpoint
- path: /apisix/prometheus/metrics
- # -- prefix of the metrics
- metricPrefix: apisix_
- # -- container port where the metrics are exposed
- containerPort: 9091
- # -- @param serviceMonitor.labels ServiceMonitor extra labels
- labels: {}
- # -- @param serviceMonitor.annotations ServiceMonitor annotations
- annotations: {}
+ # -- customPlugins allows you to mount your own HTTP plugins.
+ customPlugins:
+ # -- Whether to configure some custom plugins
+ enabled: false
+ # -- the lua_path that tells APISIX where it can find plugins,
+ # note the last ';' is required.
+ luaPath: "/opts/custom_plugins/?.lua"
+ plugins:
+ # -- plugin name.
+ - name: "plugin-name"
+ # -- plugin attrs
+ attrs: {}
+ # -- plugin codes can be saved inside configmap object.
+ configMap:
+ # -- name of configmap.
+ name: "configmap-name"
+ # -- since keys in configmap is flat, mountPath allows to define the
mount
+ # path, so that plugin codes can be mounted hierarchically.
+ mounts:
+ - key: "the-file-name"
+ path: "mount-path"
+
+# -- external etcd configuration. If etcd.enabled is false, these
configuration will be used.
+externalEtcd:
+ # -- if etcd.enabled is false, use external etcd, support multiple address,
if your etcd cluster enables TLS, please use https scheme, e.g.
https://127.0.0.1:2379.
+ host:
+ # host or ip e.g. http://172.20.128.89:2379
+ - http://etcd.host:2379
+ # -- if etcd.enabled is false, user for external etcd. Set empty to disable
authentication
+ user: root
+ # -- if etcd.enabled is true, use etcd.auth.rbac.rootPassword instead.
+ # -- if etcd.enabled is false and externalEtcd.existingSecret is not empty,
the password should store in the corresponding secret
+ # -- if etcd.enabled is false and externalEtcd.existingSecret is empty,
externalEtcd.password is the passsword for external etcd.
+ password: ""
+ # -- if externalEtcd.existingSecret is the name of secret containing the
external etcd password
+ existingSecret: ""
+ # -- externalEtcd.secretPasswordKey Key inside the secret containing the
external etcd password
+ secretPasswordKey: "etcd-root-password"
# -- etcd configuration
# use the FQDN address or the IP of the etcd
etcd:
# -- install etcd(v3) by default, set false if do not want to install
etcd(v3) together
enabled: true
- # -- if etcd.enabled is false, use external etcd, support multiple address,
if your etcd cluster enables TLS, please use https scheme, e.g.
https://127.0.0.1:2379.
- host:
- # host or ip e.g. http://172.20.128.89:2379
- - http://etcd.host:2379
- # -- if etcd.enabled is false, username for external etcd. If etcd.enabled
is true, use etcd.auth.rbac.rootPassword instead.
- user: ""
- # -- if etcd.enabled is false, password for external etcd. If etcd.enabled
is true, use etcd.auth.rbac.rootPassword instead.
- password: ""
# -- apisix configurations prefix
prefix: "/apisix"
# -- Set the timeout value in seconds for subsequent socket operations from
apisix to etcd cluster
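Review bot: In the added `externalEtcd` block, `user: root` is the default while `password: ""` and `existingSecret: ""` are both empty, and the comment says an empty user is what disables authentication; the removed lines defaulted to `user: ""`. As far as these lines show, a values file that only sets `host` goes from no authentication to authenticating as root with an empty password. Suggest keeping `user: ""` as the default, or having the template fail when a user is set with neither a password nor a secret, and calling the change out in the 2.0.0 upgrade notes. The example `host` is still `http://` although the comment recommends the https scheme for TLS clusters; once a password is configured that sends it in clear text, so an https example would be the safer default to copy. Smaller items in the same hunk: the `luaPath` comment says the last ';' is required but the default `"/opts/custom_plugins/?.lua"` has none, the `existingSecret` comment ("if externalEtcd.existingSecret is the name of secret ...") is not a complete sentence, and "passsword" and "arguements" are misspelled.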
@@ -588,15 +616,3 @@ ingress-controller:
config:
apisix:
adminAPIVersion: "v3"
-
-vault:
- # -- Enable or disable the vault integration
- enabled: false
- # -- The host address where the vault server is running.
- host: ""
- # -- HTTP timeout for each request.
- timeout: 10
- # -- The generated token from vault instance that can grant access to read
data from the vault.
- token: ""
- # -- Prefix allows you to better enforcement of policies.
- prefix: ""
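Review bot: The top-level `vault:` block removed here is re-added earlier in this file's diff under a different position, so existing overrides such as `vault.token` at the old path will stop taking effect after the upgrade, and unless the chart validates unknown keys nothing will report it. Suggest a template check that fails when the old top-level `vault` key is still set, or at least an upgrade note listing the moved keys. Since the block is being moved anyway, `token` could also accept a Secret reference the way `externalEtcd.existingSecret` does, rather than only a plain value in values.yaml.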