You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by zh...@apache.org on 2022/08/19 18:51:22 UTC
[apisix-helm-chart] branch master updated: feat: support hostnetwork (#321)
This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new d3ca4af feat: support hostnetwork (#321)
d3ca4af is described below
commit d3ca4af48665846bf5a8435e87de9b97f6eae3b3
Author: fengxsong <fe...@outlook.com>
AuthorDate: Sat Aug 20 02:51:16 2022 +0800
feat: support hostnetwork (#321)
---
charts/apisix/Chart.lock | 2 +-
charts/apisix/templates/_helpers.tpl | 36 ++++++
charts/apisix/templates/_pod.tpl | 176 +++++++++++++++++++++++++++++
charts/apisix/templates/configmap.yaml | 25 +----
charts/apisix/templates/daemonset.yaml | 170 +---------------------------
charts/apisix/templates/deployment.yaml | 191 +-------------------------------
charts/apisix/values.yaml | 53 ++++-----
7 files changed, 247 insertions(+), 406 deletions(-)
diff --git a/charts/apisix/Chart.lock b/charts/apisix/Chart.lock
index 7ba9605..6a87a7f 100644
--- a/charts/apisix/Chart.lock
+++ b/charts/apisix/Chart.lock
@@ -9,4 +9,4 @@ dependencies:
repository: https://charts.apiseven.com
version: 0.9.3
digest: sha256:ec765a3e06c74c2ebfaf272e41085bf56d536a47aeb3df52ff13d91e846507b3
-generated: "2022-07-28T15:08:46.471214696+08:00"
+generated: "2022-08-03T10:38:08.862145+08:00"
diff --git a/charts/apisix/templates/_helpers.tpl b/charts/apisix/templates/_helpers.tpl
index a20eb72..70f34e8 100644
--- a/charts/apisix/templates/_helpers.tpl
+++ b/charts/apisix/templates/_helpers.tpl
@@ -74,3 +74,39 @@ Usage:
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
+
+{{- define "apisix.basePluginAttrs" -}}
+{{- if .Values.serviceMonitor.enabled }}
+prometheus:
+ export_addr:
+ ip: 0.0.0.0
+ port: {{ .Values.serviceMonitor.containerPort }}
+ export_uri: {{ .Values.serviceMonitor.path }}
+ metric_prefix: {{ .Values.serviceMonitor.metricPrefix }}
+{{- end }}
+{{- if .Values.customPlugins.enabled }}
+{{- range $plugin := .Values.customPlugins.plugins }}
+{{- if $plugin.attrs }}
+{{ $plugin.name }}: {{- $plugin.attrs | toYaml | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- define "apisix.pluginAttrs" -}}
+{{- merge .Values.pluginAttrs (include "apisix.basePluginAttrs" . | fromYaml) | toYaml -}}
+{{- end -}}
+
+{{- define "apisix.podAntiAffinity" -}}
+{{- if and .Values.apisix.hostNetwork (eq .Values.apisix.kind "Deployment") }}
+podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - {{ .Release.Name }}
+ topologyKey: "kubernetes.io/hostname"
+{{- end }}
+{{- end -}}
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
new file mode 100644
index 0000000..efd85f9
--- /dev/null
+++ b/charts/apisix/templates/_pod.tpl
@@ -0,0 +1,176 @@
+{{- define "apisix.podTemplate" -}}
+metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.apisix.podAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "apisix.selectorLabels" . | nindent 4 }}
+spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ securityContext: {{- toYaml .Values.podSecurityContext | nindent 4 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ image: "{{ .Values.apisix.image.repository }}:{{ default .Chart.AppVersion .Values.apisix.image.tag }}"
+ imagePullPolicy: {{ .Values.apisix.image.pullPolicy }}
+ env:
+ {{- if .Values.apisix.timezone }}
+ - name: TZ
+ value: {{ .Values.apisix.timezone }}
+ {{- end }}
+ {{- if .Values.apisix.extraEnvVars }}
+ {{- include "apisix.tplvalues.render" (dict "value" .Values.apisix.extraEnvVars "context" $) | nindent 8 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.gateway.http.containerPort }}
+ protocol: TCP
+ - name: tls
+ containerPort: {{ .Values.gateway.tls.containerPort }}
+ protocol: TCP
+ {{- if .Values.admin.enabled }}
+ - name: admin
+ containerPort: {{ .Values.admin.port }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.serviceMonitor.enabled }}
+ - name: prometheus
+ containerPort: {{ .Values.serviceMonitor.containerPort }}
+ protocol: TCP
+ {{- end }}
+ {{- if and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0)) }}
+ {{- with .Values.gateway.stream }}
+ {{- if (gt (len .tcp) 0) }}
+ {{- range $index, $port := .tcp }}
+ - name: proxy-tcp-{{ $index | toString }}
+ containerPort: {{ $port }}
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ {{- if (gt (len .udp) 0) }}
+ {{- range $index, $port := .udp }}
+ - name: proxy-udp-{{ $index | toString }}
+ containerPort: {{ $port }}
+ protocol: UDP
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: {{ .Values.gateway.http.containerPort }}
+ timeoutSeconds: 1
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - "sleep 30"
+ volumeMounts:
+ {{- if .Values.apisix.setIDFromPodUID }}
+ - mountPath: /usr/local/apisix/conf/apisix.uid
+ name: id
+ subPath: apisix.uid
+ {{- end }}
+ - mountPath: /usr/local/apisix/conf/config.yaml
+ name: apisix-config
+ subPath: config.yaml
+ {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
+ - mountPath: /usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}
+ name: ssl
+ subPath: {{ .Values.gateway.tls.certCAFilename }}
+ {{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ - mountPath: /etcd-ssl
+ name: etcd-ssl
+ {{- end }}
+ {{- if .Values.customPlugins.enabled }}
+ {{- range $plugin := .Values.customPlugins.plugins }}
+ {{- range $mount := $plugin.configMap.mounts }}
+ - mountPath: {{ $mount.path }}
+ name: plugin-{{ $plugin.configMap.name }}
+ subPath: {{ $mount.key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.apisix.luaModuleHook.enabled }}
+ {{- range $mount := .Values.apisix.luaModuleHook.configMapRef.mounts }}
+ - mountPath: {{ $mount.path }}
+ name: lua-module-hook
+ subPath: {{ $mount.key }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 8 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.apisix.resources | nindent 8 }}
+ hostNetwork: {{ .Values.apisix.hostNetwork }}
+ {{- if .Values.etcd.enabled }}
+ initContainers:
+ - name: wait-etcd
+ image: {{ .Values.initContainer.image }}:{{ .Values.initContainer.tag }}
+ {{- if .Values.etcd.fullnameOverride }}
+ command: ['sh', '-c', "until nc -z {{ .Values.etcd.fullnameOverride }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
+ {{ else }}
+ command: ['sh', '-c', "until nc -z {{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
+ {{- end }}
+ {{- end }}
+ volumes:
+ - configMap:
+ name: {{ include "apisix.fullname" . }}
+ name: apisix-config
+ {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
+ - secret:
+ secretName: {{ .Values.gateway.tls.existingCASecret | quote }}
+ name: ssl
+ {{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ - secret:
+ secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
+ name: etcd-ssl
+ {{- end }}
+ {{- if .Values.apisix.setIDFromPodUID }}
+ - downwardAPI:
+ items:
+ - path: "apisix.uid"
+ fieldRef:
+ fieldPath: metadata.uid
+ name: id
+ {{- end }}
+ {{- if .Values.customPlugins.enabled }}
+ {{- range $plugin := .Values.customPlugins.plugins }}
+ - name: plugin-{{ $plugin.configMap.name }}
+ configMap:
+ name: {{ $plugin.configMap.name }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.apisix.luaModuleHook.enabled }}
+ - name: lua-module-hook
+ configMap:
+ name: {{ .Values.apisix.luaModuleHook.configMapRef.name }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 4 }}
+ {{- end }}
+ {{- with .Values.apisix.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ affinity:
+ {{- merge .Values.apisix.affinity (include "apisix.podAntiAffinity" . | fromYaml) | toYaml | nindent 4 }}
+ {{- with .Values.apisix.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index f7e272a..6c0e5da 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -166,7 +166,7 @@ data:
error_log: "{{ .Values.logs.errorLog }}"
error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
worker_processes: "{{ .Values.nginx.workerProcesses }}"
- enable_cpu_affinity: {{ default "true" .Values.nginx.enableCPUAffinity }}
+ enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
worker_rlimit_nofile: {{ default "20480" .Values.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
event:
worker_connections: {{ default "10620" .Values.nginx.workerConnections }}
@@ -272,26 +272,9 @@ data:
{{- end }}
{{- if or .Values.pluginAttrs .Values.customPlugins.enabled .Values.serviceMonitor.enabled}}
- plugin_attr:
- {{- if .Values.serviceMonitor.enabled }}
- prometheus:
- export_addr:
- ip: 0.0.0.0
- port: {{ .Values.serviceMonitor.containerPort }}
- export_uri: {{ .Values.serviceMonitor.path }}
- metric_prefix: {{ .Values.serviceMonitor.metricPrefix }}
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- {{- if $plugin.attrs }}
- {{ $plugin.name }}: {{- $plugin.attrs | toYaml | nindent 8 }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.pluginAttrs }}
- {{- range $name, $attrs := .Values.pluginAttrs }}
- {{ $name}}: {{- $attrs | toYaml | nindent 8 }}
- {{- end }}
+ {{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
+ {{- if gt (len $pluginAttrs) 0 }}
+ plugin_attr: {{- $pluginAttrs | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}
diff --git a/charts/apisix/templates/daemonset.yaml b/charts/apisix/templates/daemonset.yaml
index cc4f894..b22a775 100644
--- a/charts/apisix/templates/daemonset.yaml
+++ b/charts/apisix/templates/daemonset.yaml
@@ -29,173 +29,5 @@ spec:
updateStrategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
- {{- with .Values.apisix.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "apisix.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "{{ .Values.apisix.image.repository }}:{{ .Values.apisix.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.apisix.image.pullPolicy }}
- ports:
- - name: http
- containerPort: {{ .Values.gateway.http.containerPort }}
- protocol: TCP
- - name: tls
- containerPort: {{ .Values.gateway.tls.containerPort }}
- protocol: TCP
- {{- if .Values.admin.enabled }}
- - name: admin
- containerPort: {{ .Values.admin.port }}
- protocol: TCP
- {{- end }}
- {{- if .Values.serviceMonitor.enabled }}
- - name: prometheus
- containerPort: {{ .Values.serviceMonitor.containerPort }}
- protocol: TCP
- {{- end }}
- {{- if and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0)) }}
- {{- with .Values.gateway.stream }}
- {{- if (gt (len .tcp) 0) }}
- {{- range $index, $port := .tcp }}
- - name: proxy-tcp-{{ $index | toString }}
- containerPort: {{ $port }}
- protocol: TCP
- {{- end }}
- {{- end }}
- {{- if (gt (len .udp) 0) }}
- {{- range $index, $port := .udp }}
- - name: proxy-udp-{{ $index | toString }}
- containerPort: {{ $port }}
- protocol: UDP
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- readinessProbe:
- failureThreshold: 6
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- tcpSocket:
- port: {{ .Values.gateway.http.containerPort }}
- timeoutSeconds: 1
- lifecycle:
- preStop:
- exec:
- command:
- - /bin/sh
- - -c
- - "sleep 30"
- volumeMounts:
- {{- if .Values.apisix.setIDFromPodUID }}
- - mountPath: /usr/local/apisix/conf/apisix.uid
- name: id
- subPath: apisix.uid
- {{- end }}
- - mountPath: /usr/local/apisix/conf/config.yaml
- name: apisix-config
- subPath: config.yaml
- {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- - mountPath: /usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}
- name: ssl
- subPath: {{ .Values.gateway.tls.certCAFilename }}
- {{- end }}
- {{- if .Values.etcd.auth.tls.enabled }}
- - mountPath: /etcd-ssl
- name: etcd-ssl
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- {{- range $mount := $plugin.configMap.mounts }}
- - mountPath: {{ $mount.path }}
- name: plugin-{{ $plugin.configMap.name }}
- subPath: {{ $mount.key }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- {{- range $mount := .Values.apisix.luaModuleHook.configMapRef.mounts }}
- - mountPath: {{ $mount.path }}
- name: lua-module-hook
- subPath: {{ $mount.key }}
- {{- end }}
- {{- end }}
- {{- if .Values.extraVolumeMounts }}
- {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
- {{- end }}
- resources:
- {{- toYaml .Values.apisix.resources | nindent 12 }}
- {{- if .Values.etcd.enabled }}
- initContainers:
- - name: wait-etcd
- image: {{ .Values.initContainer.image }}:{{ .Values.initContainer.tag }}
- {{- if .Values.etcd.fullnameOverride }}
- command: ['sh', '-c', "until nc -z {{ .Values.etcd.fullnameOverride }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
- {{ else }}
- command: ['sh', '-c', "until nc -z {{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
- {{- end }}
- {{- end }}
- volumes:
- - configMap:
- name: {{ include "apisix.fullname" . }}
- name: apisix-config
- {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- - secret:
- secretName: {{ .Values.gateway.tls.existingCASecret | quote }}
- name: ssl
- {{- end }}
- {{- if .Values.etcd.auth.tls.enabled }}
- - secret:
- secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
- name: etcd-ssl
- {{- end }}
- {{- if .Values.apisix.setIDFromPodUID }}
- - downwardAPI:
- items:
- - path: "apisix.uid"
- fieldRef:
- fieldPath: metadata.uid
- name: id
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- - name: plugin-{{ $plugin.configMap.name }}
- configMap:
- name: {{ $plugin.configMap.name }}
- {{- end }}
- {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- - name: lua-module-hook
- configMap:
- name: {{ .Values.apisix.luaModuleHook.configMapRef.name }}
- {{- end }}
- {{- if .Values.extraVolumes }}
- {{- toYaml .Values.extraVolumes | nindent 8 }}
- {{- end }}
- {{- with .Values.apisix.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- affinity:
- {{- with .Values.apisix.affinity }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.apisix.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- include "apisix.podTemplate" . | nindent 4 }}
{{- end }}
diff --git a/charts/apisix/templates/deployment.yaml b/charts/apisix/templates/deployment.yaml
index c6afc3c..8ce2fcb 100644
--- a/charts/apisix/templates/deployment.yaml
+++ b/charts/apisix/templates/deployment.yaml
@@ -32,194 +32,5 @@ spec:
strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
- {{- with .Values.apisix.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "apisix.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "{{ .Values.apisix.image.repository }}:{{ .Values.apisix.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.apisix.image.pullPolicy }}
- env:
- {{- if .Values.apisix.timezone }}
- - name: TZ
- value: {{ .Values.apisix.timezone }}
- {{- end }}
- {{- if .Values.apisix.extraEnvVars }}
- {{- include "apisix.tplvalues.render" (dict "value" .Values.apisix.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- ports:
- - name: http
- containerPort: {{ .Values.gateway.http.containerPort }}
- protocol: TCP
- - name: tls
- containerPort: {{ .Values.gateway.tls.containerPort }}
- protocol: TCP
- {{- if .Values.admin.enabled }}
- - name: admin
- containerPort: {{ .Values.admin.port }}
- protocol: TCP
- {{- end }}
- {{- if .Values.serviceMonitor.enabled }}
- - name: prometheus
- containerPort: {{ .Values.serviceMonitor.containerPort }}
- protocol: TCP
- {{- end }}
- {{- if and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0)) }}
- {{- with .Values.gateway.stream }}
- {{- if (gt (len .tcp) 0) }}
- {{- range $index, $port := .tcp }}
- - name: proxy-tcp-{{ $index | toString }}
- containerPort: {{ $port }}
- protocol: TCP
- {{- end }}
- {{- end }}
- {{- if (gt (len .udp) 0) }}
- {{- range $index, $port := .udp }}
- - name: proxy-udp-{{ $index | toString }}
- containerPort: {{ $port }}
- protocol: UDP
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- readinessProbe:
- failureThreshold: 6
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- tcpSocket:
- port: {{ .Values.gateway.http.containerPort }}
- timeoutSeconds: 1
- lifecycle:
- preStop:
- exec:
- command:
- - /bin/sh
- - -c
- - "sleep 30"
- volumeMounts:
- {{- if .Values.apisix.setIDFromPodUID }}
- - mountPath: /usr/local/apisix/conf/apisix.uid
- name: id
- subPath: apisix.uid
- {{- end }}
- - mountPath: /usr/local/apisix/conf/config.yaml
- name: apisix-config
- subPath: config.yaml
- {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- - mountPath: /usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}
- name: ssl
- subPath: {{ .Values.gateway.tls.certCAFilename }}
- {{- end }}
- {{- if .Values.etcd.auth.tls.enabled }}
- - mountPath: /etcd-ssl
- name: etcd-ssl
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- {{- range $mount := $plugin.configMap.mounts }}
- - mountPath: {{ $mount.path }}
- name: plugin-{{ $plugin.configMap.name }}
- subPath: {{ $mount.key }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- {{- range $mount := .Values.apisix.luaModuleHook.configMapRef.mounts }}
- - mountPath: {{ $mount.path }}
- name: lua-module-hook
- subPath: {{ $mount.key }}
- {{- end }}
- {{- end }}
- {{- if .Values.extraVolumeMounts }}
- {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
- {{- end }}
- resources:
- {{- toYaml .Values.apisix.resources | nindent 12 }}
- {{- if .Values.etcd.enabled }}
- initContainers:
- - name: wait-etcd
- image: {{ .Values.initContainer.image }}:{{ .Values.initContainer.tag }}
- {{- if .Values.etcd.fullnameOverride }}
- command: ['sh', '-c', "until nc -z {{ .Values.etcd.fullnameOverride }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
- {{- else }}
- command: ['sh', '-c', "until nc -z {{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
- {{- end }}
- {{- end }}
- volumes:
- - configMap:
- name: {{ include "apisix.fullname" . }}
- name: apisix-config
- {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- - secret:
- secretName: {{ .Values.gateway.tls.existingCASecret | quote }}
- name: ssl
- {{- end }}
- {{- if .Values.etcd.auth.tls.enabled }}
- - secret:
- secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
- name: etcd-ssl
- {{- end }}
- {{- if .Values.apisix.setIDFromPodUID }}
- - downwardAPI:
- items:
- - path: "apisix.uid"
- fieldRef:
- fieldPath: metadata.uid
- name: id
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- - name: plugin-{{ $plugin.configMap.name }}
- configMap:
- name: {{ $plugin.configMap.name }}
- {{- end }}
- {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- - name: lua-module-hook
- configMap:
- name: {{ .Values.apisix.luaModuleHook.configMapRef.name }}
- {{- end }}
- {{- if .Values.extraVolumes }}
- {{- toYaml .Values.extraVolumes | nindent 8 }}
- {{- end }}
- {{- with .Values.apisix.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- affinity:
- {{- with .Values.apisix.affinity }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- if .Values.apisix.podAntiAffinity.enabled }}
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - {{ include "apisix.name" . }}
- topologyKey: kubernetes.io/hostname
- weight: 100
- {{- end }}
- {{- with .Values.apisix.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- include "apisix.podTemplate" . | nindent 4 }}
{{- end }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 9a33ef1..e0824f9 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -45,8 +45,8 @@ apisix:
name: ""
# mounts decides how to mount the codes to the container.
mounts:
- - key: ""
- path: ""
+ - key: ""
+ path: ""
enableCustomizedConfig: false
customizedConfig: {}
@@ -59,7 +59,7 @@ apisix:
# Use a `DaemonSet` or `Deployment`
kind: Deployment
- # kind is DaemonSet,replicaCount not become effective
+ # kind is DaemonSet, replicaCount not become effective
replicaCount: 1
podAnnotations: {}
@@ -90,6 +90,7 @@ apisix:
# requests:
# cpu: 100m
# memory: 128Mi
+ hostNetwork: false
nodeSelector: {}
tolerations: []
@@ -141,7 +142,8 @@ gateway:
certCAFilename: ""
http2:
enabled: true
- stream: # L4 proxy (TCP/UDP)
+ # L4 proxy (TCP/UDP)
+ stream:
enabled: false
only: false
tcp: []
@@ -254,7 +256,7 @@ customPlugins:
# note the last ';' is required.
luaPath: "/opts/custom_plugins/?.lua"
plugins:
- # plugin name.
+ # plugin name.
- name: ""
# plugin attrs
attrs: {}
@@ -285,25 +287,25 @@ extraVolumeMounts: []
discovery:
enabled: false
registry:
- # Integration service discovery registry. E.g eureka\dns\nacos\consul_kv
- # reference:
- # https://apisix.apache.org/docs/apisix/discovery#configuration-for-eureka
- # https://apisix.apache.org/docs/apisix/discovery/dns#service-discovery-via-dns
- # https://apisix.apache.org/docs/apisix/discovery/consul_kv#configuration-for-consul-kv
- # https://apisix.apache.org/docs/apisix/discovery/nacos#configuration-for-nacos
- #
- # an eureka example:
- # eureka:
- # host:
- # - "http://${username}:${password}@${eureka_host1}:${eureka_port1}"
- # - "http://${username}:${password}@${eureka_host2}:${eureka_port2}"
- # prefix: "/eureka/"
- # fetch_interval: 30
- # weight: 100
- # timeout:
- # connect: 2000
- # send: 2000
- # read: 5000
+ # Integration service discovery registry. E.g eureka\dns\nacos\consul_kv
+ # reference:
+ # https://apisix.apache.org/docs/apisix/discovery#configuration-for-eureka
+ # https://apisix.apache.org/docs/apisix/discovery/dns#service-discovery-via-dns
+ # https://apisix.apache.org/docs/apisix/discovery/consul_kv#configuration-for-consul-kv
+ # https://apisix.apache.org/docs/apisix/discovery/nacos#configuration-for-nacos
+ #
+ # an eureka example:
+ # eureka:
+ # host:
+ # - "http://${username}:${password}@${eureka_host1}:${eureka_port1}"
+ # - "http://${username}:${password}@${eureka_host2}:${eureka_port2}"
+ # prefix: "/eureka/"
+ # fetch_interval: 30
+ # weight: 100
+ # timeout:
+ # connect: 2000
+ # send: 2000
+ # read: 5000
# access log and error log configuration
logs:
@@ -377,7 +379,8 @@ etcd:
# install etcd(v3) by default, set false if do not want to install etcd(v3) together
enabled: true
host:
- - http://etcd.host:2379 # host or ip e.g. http://172.20.128.89:2379
+ # host or ip e.g. http://172.20.128.89:2379
+ - http://etcd.host:2379
prefix: "/apisix"
timeout: 30