This is an automated email from the ASF dual-hosted git repository. juzhiyuan pushed a commit to branch feat/apisix-ssl in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
commit 367369b53d4b4fc0322bd776d5fcce36e4949b18
Author: juzhiyuan <juzhiy...@apache.org>
AuthorDate: Wed Aug 13 20:31:39 2025 +0800
chore: bump chart version to 2.11.5 and add sslCiphers configuration
---
 charts/apisix/Chart.yaml | 2 +-
 charts/apisix/README.md | 1 +
 charts/apisix/templates/configmap.yaml | 2 +-
 charts/apisix/values.yaml | 2 ++
 4 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml
index 8d079bb..f5f85a6 100644
--- a/charts/apisix/Chart.yaml
+++ b/charts/apisix/Chart.yaml
@@ -31,7 +31,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.11.4
+version: 2.11.5
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index fc6d04e..dc35388 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -123,6 +123,7 @@ The command removes all the Kubernetes components associated with the chart and
 | apisix.ssl.enabled | bool | `false` | |
 | apisix.ssl.existingCASecret | string | `""` | Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) |
 | apisix.ssl.fallbackSNI | string | `""` | Define SNI to fallback if none is presented by client |
+| apisix.ssl.sslCiphers | string | `"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128- [...]
 | apisix.ssl.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols allowed to use. |
 | apisix.status.ip | string | `"0.0.0.0"` | |
 | apisix.status.port | int | `7085` | |
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 53c9894..18e3ad4 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -162,7 +162,7 @@ data:
 {{- toYaml . | nindent 10}}
 {{- end }}
 ssl_protocols: {{ .Values.apisix.ssl.sslProtocols | quote }}
- ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA- [...]
+ ssl_ciphers: {{ .Values.apisix.ssl.sslCiphers | quote }}
 {{- if and .Values.apisix.ssl.enabled .Values.apisix.ssl.existingCASecret }}
 ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.apisix.ssl.certCAFilename }}"
 {{- end }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 83520ec..406cb39 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -320,6 +320,8 @@ apisix:
 enableHTTP3: false
 # -- TLS protocols allowed to use.
 sslProtocols: "TLSv1.2 TLSv1.3"
+ # -- TLS ciphers allowed to use.
+ sslCiphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES25 [...]
 # -- Define SNI to fallback if none is presented by client
 fallbackSNI: ""
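Review bot: The new `ssl_ciphers: {{ .Values.apisix.ssl.sslCiphers | quote }}` line in configmap.yaml has no guard for an unset value, whereas the hard-coded list it replaces could never be empty. On an upgrade that reuses stored values from an older release (for example `helm upgrade --reuse-values`), `sslCiphers` is absent and `quote` renders nothing for a nil input, so the key ends up empty instead of carrying the reviewed list. Either fail the render with `ssl_ciphers: {{ required "apisix.ssl.sslCiphers must not be empty" .Values.apisix.ssl.sslCiphers | quote }}`, or emit the key only when the value is set, so that APISIX's own default presumably applies. The enclosing `data:` block starts and ends outside the hunk.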
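Review bot: The comment `# -- TLS ciphers allowed to use.` in values.yaml tells operators neither the format nor the scope of `sslCiphers`. Suggest `# -- TLS cipher suites allowed, as a colon-separated OpenSSL cipher list; presumably governs TLS 1.2 and below only, TLS 1.3 suites being selected separately.` The visible part of the default still carries CBC suites with a SHA-1 MAC (`ECDHE-RSA-AES128-SHA`, `ECDHE-RSA-AES256-SHA`) alongside the AEAD ones, so the comment should also say they are kept for client compatibility and can be dropped for an AEAD-only list now that the value is configurable. The default line is truncated in this view, so the tail of the list was not reviewed.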