You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by zh...@apache.org on 2022/10/28 09:16:36 UTC
[apisix-helm-chart] branch master updated: feat support for configuring priority class name (#369)
This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new c4ed1bc feat support for configuring priority class name (#369)
c4ed1bc is described below
commit c4ed1bcd4b307eac64e8a3bddcd4828e8d0c1376
Author: fengxsong <fe...@outlook.com>
AuthorDate: Fri Oct 28 17:16:30 2022 +0800
feat support for configuring priority class name (#369)
---
charts/apisix-dashboard/README.md | 1 +
charts/apisix-dashboard/templates/deployment.yaml | 3 +
charts/apisix-dashboard/values.yaml | 2 +
charts/apisix-ingress-controller/README.md | 4 +
.../templates/deployment.yaml | 3 +
charts/apisix-ingress-controller/values.yaml | 2 +
charts/apisix/README.md | 9 +-
charts/apisix/templates/_pod.tpl | 13 +-
charts/apisix/templates/configmap.yaml | 739 ++++++++-------------
charts/apisix/values.yaml | 1 +
10 files changed, 300 insertions(+), 477 deletions(-)
diff --git a/charts/apisix-dashboard/README.md b/charts/apisix-dashboard/README.md
index 40d9859..9a55d85 100644
--- a/charts/apisix-dashboard/README.md
+++ b/charts/apisix-dashboard/README.md
@@ -84,6 +84,7 @@ The following tables lists the configurable parameters of the apisix-dashboard c
| Name | Description | Value |
| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- |
| `replicaCount` | Number of Apache APISIX Dashboard nodes | `1` |
+| `priorityClassName` | Set the [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for pods | `""` |
| `podAnnotations` | Apache APISIX Dashboard Pod annotations | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
diff --git a/charts/apisix-dashboard/templates/deployment.yaml b/charts/apisix-dashboard/templates/deployment.yaml
index 03bbc49..f04db67 100644
--- a/charts/apisix-dashboard/templates/deployment.yaml
+++ b/charts/apisix-dashboard/templates/deployment.yaml
@@ -42,6 +42,9 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
serviceAccountName: {{ include "apisix-dashboard.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
diff --git a/charts/apisix-dashboard/values.yaml b/charts/apisix-dashboard/values.yaml
index f160222..fac21fa 100644
--- a/charts/apisix-dashboard/values.yaml
+++ b/charts/apisix-dashboard/values.yaml
@@ -41,6 +41,8 @@ serviceAccount:
podAnnotations: {}
+priorityClassName: ""
+
podSecurityContext: {}
# fsGroup: 2000
diff --git a/charts/apisix-ingress-controller/README.md b/charts/apisix-ingress-controller/README.md
index f907161..b832292 100644
--- a/charts/apisix-ingress-controller/README.md
+++ b/charts/apisix-ingress-controller/README.md
@@ -57,6 +57,10 @@ See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_h
helm show values apisix/apisix-ingress-controller
```
+### Pod priority
+
+`priorityClassName` field referenced a name of a created `PriorityClass` object. Check [here](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption) for more details.
+
### Security context
A security context provides us with a way to define privilege and access control for a Pod or even at the container level.
diff --git a/charts/apisix-ingress-controller/templates/deployment.yaml b/charts/apisix-ingress-controller/templates/deployment.yaml
index 2d983a1..2546a10 100644
--- a/charts/apisix-ingress-controller/templates/deployment.yaml
+++ b/charts/apisix-ingress-controller/templates/deployment.yaml
@@ -42,6 +42,9 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
serviceAccountName: {{ include "apisix-ingress-controller.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml
index a2845b4..7358a5d 100644
--- a/charts/apisix-ingress-controller/values.yaml
+++ b/charts/apisix-ingress-controller/values.yaml
@@ -46,6 +46,8 @@ image:
podAnnotations: {}
+priorityClassName: ""
+
imagePullSecrets: []
clusterDomain: cluster.local
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 0985909..6d3b60f 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -50,15 +50,16 @@ The following tables lists the configurable parameters of the apisix chart and t
|---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------|
| `apisix.enabled` | Enable or disable Apache APISIX itself | `true` |
| `apisix.enableIPv6` | Enable nginx IPv6 resolver | `true` |
-| `apisix.hostNetwork` | Use the host's network namespace | `false` |
-| `apisix.enableCustomizedConfig` | Enable full customized `config.yaml` | `false` |
-| `apisix.customizedConfig` | If `apisix.enableCustomizedConfig` is true, full customized `config.yaml`. Please note that other settings about APISIX config will be ignored | `{}` |
+| `apisix.hostNetwork` | Use the host's network namespace | `false` |
+| `apisix.enableCustomizedConfig` | Enable full customized `config.yaml` | `false` |
+| `apisix.customizedConfig` | If `apisix.enableCustomizedConfig` is true, full customized `config.yaml`. Please note that other settings about APISIX config will be ignored | `{}` |
| `apisix.image.repository` | Apache APISIX image repository | `apache/apisix` |
| `apisix.image.tag` | Apache APISIX image tag | `{TAG_NAME}` (the latest Apache APISIX image tag) |
| `apisix.image.pullPolicy` | Apache APISIX image pull policy | `IfNotPresent` |
-| `apisix.kind` | Apache APISIX kind use a `DaemonSet` or `Deployment` | `Deployment` |
+| `apisix.kind` | Apache APISIX kind use a `DaemonSet` or `Deployment` | `Deployment` |
| `apisix.replicaCount` | Apache APISIX deploy replica count,kind is DaemonSet,replicaCount not become effective | `1` |
| `apisix.podAnnotations` | Annotations to add to each pod | `{}` |
+| `apisix.priorityClassName` | Set [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for Apache APISIX pods | `""` |
| `apisix.podSecurityContext` | Set the securityContext for Apache APISIX pods | `{}` |
| `apisix.securityContext` | Set the securityContext for Apache APISIX container | `{}` |
| `apisix.podDisruptionBudget.enabled` | Enable or disable podDisruptionBudget | `false` |
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
index 6d5afea..0aa952e 100644
--- a/charts/apisix/templates/_pod.tpl
+++ b/charts/apisix/templates/_pod.tpl
@@ -15,10 +15,19 @@ spec:
{{- end }}
{{- end }}
serviceAccountName: {{ include "apisix.serviceAccountName" . }}
- securityContext: {{- toYaml .Values.podSecurityContext | nindent 4 }}
+ {{- with .Values.apisix.podSecurityContext }}
+ securityContext:
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with .Values.apisix.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
- securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ {{- with .Values.apisix.securityContext }}
+ securityContext:
+ {{- . | toYaml | nindent 8 }}
+ {{- end }}
image: "{{ .Values.apisix.image.repository }}:{{ default .Chart.AppVersion .Values.apisix.image.tag }}"
imagePullPolicy: {{ .Values.apisix.image.pullPolicy }}
env:
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index ffe2b86..0c36ff5 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -14,6 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+{{- $isBeta := (semverCompare ">=2.99.0" .Values.apisix.image.tag) }}
+
{{- if .Values.apisix.enabled }}
apiVersion: v1
kind: ConfigMap
@@ -21,352 +23,298 @@ metadata:
name: {{ include "apisix.fullname" . }}
namespace: {{ .Release.Namespace }}
data:
-{{- if .Values.apisix.enableCustomizedConfig }}
config.yaml: |-
+ #
+ # Licensed to the Apache Software Foundation (ASF) under one or more
+ # contributor license agreements. See the NOTICE file distributed with
+ # this work for additional information regarding copyright ownership.
+ # The ASF licenses this file to You under the Apache License, Version 2.0
+ # (the "License"); you may not use this file except in compliance with
+ # the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ {{- if .Values.apisix.enableCustomizedConfig }}
{{- range $key, $value := .Values.apisix.customizedConfig }}
{{ $key }}:
{{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 6 }}
{{- end }}
-{{- else }}
- {{- if semverCompare ">=2.99.0" .Values.apisix.image.tag }}
- config.yaml: |-
- #
- # Licensed to the Apache Software Foundation (ASF) under one or more
- # contributor license agreements. See the NOTICE file distributed with
- # this work for additional information regarding copyright ownership.
- # The ASF licenses this file to You under the Apache License, Version 2.0
- # (the "License"); you may not use this file except in compliance with
- # the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- apisix:
- node_listen: {{ .Values.gateway.http.containerPort }} # APISIX listening port
- enable_heartbeat: true
- enable_admin: {{ .Values.admin.enabled }}
- enable_admin_cors: {{ .Values.admin.cors }}
- enable_debug: false
- {{- if or .Values.customPlugins.enabled .Values.apisix.luaModuleHook.enabled }}
- extra_lua_path: {{ .Values.customPlugins.luaPath }};{{ .Values.apisix.luaModuleHook.luaPath }}
- {{- end }}
+ {{- else }}
+ apisix: # universal configurations
+ node_listen: {{ .Values.gateway.http.containerPort }} # APISIX listening port
+ enable_heartbeat: true
+ enable_admin: {{ .Values.admin.enabled }}
+ enable_admin_cors: {{ .Values.admin.cors }}
+ enable_debug: false
+ {{- if or .Values.customPlugins.enabled .Values.apisix.luaModuleHook.enabled }}
+ extra_lua_path: {{ .Values.customPlugins.luaPath }};{{ .Values.apisix.luaModuleHook.luaPath }}
+ {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- lua_module_hook: {{ .Values.apisix.luaModuleHook.hookPoint | quote }}
- {{- end }}
+ {{- if .Values.apisix.luaModuleHook.enabled }}
+ lua_module_hook: {{ .Values.apisix.luaModuleHook.hookPoint | quote }}
+ {{- end }}
- enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
- enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
- enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver
- enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header
+ enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
+ enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
+ enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver
+ enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header
- #proxy_protocol: # Proxy Protocol configuration
- # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and admin_listen.
- # This port can only receive http request with proxy protocol, but node_listen & admin_listen
- # can only receive http request. If you enable proxy protocol, you must use this port to
- # receive http request with proxy protocol
- # listen_https_port: 9182 # The port with proxy protocol for https
- # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
- # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
+ # proxy_protocol: # Proxy Protocol configuration
+ # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and admin_listen.
+ # # This port can only receive http request with proxy protocol, but node_listen & admin_listen
+ # # can only receive http request. If you enable proxy protocol, you must use this port to
+ # # receive http request with proxy protocol
+ # listen_https_port: 9182 # The port with proxy protocol for https
+ # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
+ # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
- proxy_cache: # Proxy Caching configuration
- cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
- zones: # The parameters of a cache
- - name: disk_cache_one # The name of the cache, administrator can be specify
- # which cache to use by name in the admin api
- memory_size: 50m # The size of shared memory, it's used to store the cache index
- disk_size: 1G # The size of disk, it's used to store the cache data
- disk_path: "/tmp/disk_cache_one" # The path to store the cache data
- cache_levels: "1:2" # The hierarchy levels of a cache
- # - name: disk_cache_two
- # memory_size: 50m
- # disk_size: 1G
- # disk_path: "/tmp/disk_cache_two"
- # cache_levels: "1:2"
+ proxy_cache: # Proxy Caching configuration
+ cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
+ zones: # The parameters of a cache
+ - name: disk_cache_one # The name of the cache, administrator can be specify
+ # which cache to use by name in the admin api
+ memory_size: 50m # The size of shared memory, it's used to store the cache index
+ disk_size: 1G # The size of disk, it's used to store the cache data
+ disk_path: "/tmp/disk_cache_one" # The path to store the cache data
+ cache_levels: "1:2" # The hierarchy levels of a cache
+ # - name: disk_cache_two
+ # memory_size: 50m
+ # disk_size: 1G
+ # disk_path: "/tmp/disk_cache_two"
+ # cache_levels: "1:2"
- router:
- http: {{ .Values.apisix.httpRouter }} # radixtree_uri: match route by uri(base on radixtree)
- # radixtree_host_uri: match route by host + uri(base on radixtree)
- # radixtree_uri_with_parameter: match route by uri with parameters
- ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
- {{- if or (index .Values "ingress-controller" "enabled") (and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0))) }}
- stream_proxy: # TCP/UDP proxy
- only: {{ .Values.gateway.stream.only }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.tcp) 0) }}
- tcp: # TCP proxy port list
- {{- if gt (len .Values.gateway.stream.tcp) 0}}
- {{- range .Values.gateway.stream.tcp }}
- - {{ . }}
- {{- end }}
- {{- else}}
- - 9100
- {{- end }}
+ {{- if not $isBeta }}
+ config_center: etcd # etcd: use etcd to store the config value
+ # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
+ allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
+ {{- if .Values.admin.allow.ipList }}
+ {{- range $ips := .Values.admin.allow.ipList }}
+ - {{ $ips }}
+ {{- end }}
+ {{- else }}
+ - 0.0.0.0/0
+ {{- end}}
+ {{- if or (index .Values "ingress-controller" "enabled") .Values.dashboard.enabled }}
+ - 0.0.0.0/0
+ {{- end}}
+ # - "::/64"
+ {{- if .Values.admin.enabled }}
+ port_admin: {{ .Values.admin.port }}
+ {{- end }}
+
+ # Default token when use API to call for Admin API.
+ # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
+ # Disabling this configuration item means that the Admin API does not
+ # require any authentication.
+ admin_key:
+ # admin: can everything for configuration data
+ - name: "admin"
+ key: {{ .Values.admin.credentials.admin }}
+ role: admin
+ # viewer: only can view configuration data
+ - name: "viewer"
+ key: {{ .Values.admin.credentials.viewer }}
+ role: viewer
+ {{- end }}
+
+ router:
+ http: {{ .Values.apisix.httpRouter }} # radixtree_uri: match route by uri(base on radixtree)
+ # radixtree_host_uri: match route by host + uri(base on radixtree)
+ # radixtree_uri_with_parameter: match route by uri with parameters
+ ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
+
+ {{- if or (index .Values "ingress-controller" "enabled") (and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0))) }}
+ stream_proxy: # TCP/UDP proxy
+ only: {{ .Values.gateway.stream.only }}
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.tcp) 0) }}
+ tcp: # TCP proxy port list
+ {{- if gt (len .Values.gateway.stream.tcp) 0}}
+ {{- range .Values.gateway.stream.tcp }}
+ - {{ . }}
{{- end }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.udp) 0) }}
- udp: # UDP proxy port list
- {{- if gt (len .Values.gateway.stream.udp) 0}}
- {{- range .Values.gateway.stream.udp }}
- - {{ . }}
- {{- end }}
- {{- else}}
- - 9200
- {{- end }}
+ {{- else}}
+ - 9100
{{- end }}
{{- end }}
- # dns_resolver:
- # {{- range $resolver := .Values.dns.resolvers }}
- # - {{ $resolver }}
- # {{- end }}
- dns_resolver_valid: {{.Values.dns.validity}}
- resolver_timeout: {{.Values.dns.timeout}}
- ssl:
- enable: {{ .Values.gateway.tls.enabled }}
- listen:
- - port: {{ .Values.gateway.tls.containerPort }}
- enable_http2: {{ .Values.gateway.tls.http2.enabled }}
- ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
- ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RS [...]
- {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.udp) 0) }}
+ udp: # UDP proxy port list
+ {{- if gt (len .Values.gateway.stream.udp) 0}}
+ {{- range .Values.gateway.stream.udp }}
+ - {{ . }}
{{- end }}
-
- nginx_config: # config for render the template to genarate nginx.conf
- error_log: "{{ .Values.logs.errorLog }}"
- error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
- worker_processes: "{{ .Values.nginx.workerProcesses }}"
- enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
- worker_rlimit_nofile: {{ default "20480" .Values.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
- event:
- worker_connections: {{ default "10620" .Values.nginx.workerConnections }}
- {{- with .Values.nginx.envs }}
- envs:
- {{- range $env := . }}
- - {{ $env }}
- {{- end }}
- {{- end }}
- http:
- enable_access_log: {{ .Values.logs.enableAccessLog }}
- {{- if .Values.logs.enableAccessLog }}
- access_log: "{{ .Values.logs.accessLog }}"
- access_log_format: "{{ .Values.logs.accessLogFormat }}"
- access_log_format_escape: {{ .Values.logs.accessLogFormatEscape }}
- {{- end }}
- keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
- client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
- client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
- send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
- underscores_in_headers: "on" # default enables the use of underscores in client request header fields
- real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
- real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- - 127.0.0.1
- - 'unix:'
- {{- if .Values.apisix.customLuaSharedDicts }}
- custom_lua_shared_dict: # add custom shared cache to nginx.conf
- {{- range $dict := .Values.apisix.customLuaSharedDicts }}
- {{ $dict.name }}: {{ $dict.size }}
+ {{- else}}
+ - 9200
{{- end }}
- {{- end }}
- {{- if .Values.configurationSnippet.main }}
- main_configuration_snippet: {{- toYaml .Values.configurationSnippet.main | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.httpStart }}
- http_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpStart | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.httpEnd }}
- http_end_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpEnd | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.httpSrv }}
- http_server_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpSrv | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.httpAdmin }}
- http_admin_configuration_snippet: {{ toYaml .Values.configurationSnippet.httpAdmin | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.stream }}
- stream_configuration_snippet: {{- toYaml .Values.configurationSnippet.stream | indent 6 }}
+ {{- end }}
+ # dns_resolver:
+ # {{- range $resolver := .Values.dns.resolvers }}
+ # - {{ $resolver }}
+ # {{- end }}
+ dns_resolver_valid: {{.Values.dns.validity}}
+ resolver_timeout: {{.Values.dns.timeout}}
+ ssl:
+ enable: {{ .Values.gateway.tls.enabled }}
+ listen:
+ - port: {{ .Values.gateway.tls.containerPort }}
+ enable_http2: {{ .Values.gateway.tls.http2.enabled }}
+ ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
+ ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA- [...]
+ {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
+ ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
{{- end }}
- {{- if .Values.discovery.enabled }}
- discovery:
- {{- range $key, $value := .Values.discovery.registry }}
- {{ $key }}:
- {{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 8 }}
- {{- end }}
+ nginx_config: # config for render the template to genarate nginx.conf
+ error_log: "{{ .Values.logs.errorLog }}"
+ error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
+ worker_processes: "{{ .Values.nginx.workerProcesses }}"
+ enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
+ worker_rlimit_nofile: {{ default "20480" .Values.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
+ event:
+ worker_connections: {{ default "10620" .Values.nginx.workerConnections }}
+ {{- with .Values.nginx.envs }}
+ envs:
+ {{- range $env := . }}
+ - {{ $env }}
{{- end }}
-
- {{- if .Values.vault.enabled }}
- vault:
- host: {{ .Values.vault.host }}
- timeout: {{ .Values.vault.timeout }}
- token: {{ .Values.vault.token }}
- prefix: {{ .Values.vault.prefix }}
{{- end }}
-
- {{- if .Values.plugins }}
- plugins: # plugin list
- {{- range $plugin := .Values.plugins }}
- - {{ $plugin }}
+ http:
+ enable_access_log: {{ .Values.logs.enableAccessLog }}
+ {{- if .Values.logs.enableAccessLog }}
+ access_log: "{{ .Values.logs.accessLog }}"
+ access_log_format: "{{ .Values.logs.accessLogFormat }}"
+ access_log_format_escape: {{ .Values.logs.accessLogFormatEscape }}
+ {{- end }}
+ keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
+ client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
+ client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
+ send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
+ underscores_in_headers: "on" # default enables the use of underscores in client request header fields
+ real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
+ real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
+ - 127.0.0.1
+ - 'unix:'
+ {{- if .Values.apisix.customLuaSharedDicts }}
+ custom_lua_shared_dict: # add custom shared cache to nginx.conf
+ {{- range $dict := .Values.apisix.customLuaSharedDicts }}
+ {{ $dict.name }}: {{ $dict.size }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.main }}
+ main_configuration_snippet: {{- toYaml .Values.configurationSnippet.main | indent 6 }}
{{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- - {{ $plugin.name }}
+ {{- if .Values.configurationSnippet.httpStart }}
+ http_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpStart | indent 6 }}
{{- end }}
+ {{- if .Values.configurationSnippet.httpEnd }}
+ http_end_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpEnd | indent 6 }}
{{- end }}
+ {{- if .Values.configurationSnippet.httpSrv }}
+ http_server_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpSrv | indent 6 }}
{{- end }}
- stream_plugins:
- {{- range $plugin := .Values.stream_plugins }}
- - {{ $plugin }}
+ {{- if .Values.configurationSnippet.httpAdmin }}
+ http_admin_configuration_snippet: {{ toYaml .Values.configurationSnippet.httpAdmin | indent 6 }}
{{- end }}
-
- {{- if .Values.extPlugin.enabled }}
- ext-plugin:
- cmd:
- {{- range $arg := .Values.extPlugin.cmd }}
- - {{ $arg }}
- {{- end }}
+ {{- if .Values.configurationSnippet.stream }}
+ stream_configuration_snippet: {{- toYaml .Values.configurationSnippet.stream | indent 6 }}
{{- end }}
- {{- if or .Values.pluginAttrs .Values.customPlugins.enabled .Values.serviceMonitor.enabled}}
- {{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
- {{- if gt (len $pluginAttrs) 0 }}
- plugin_attr: {{- $pluginAttrs | nindent 6 }}
- {{- if .Values.wasmPlugins.enabled }}
- wasm:
- plugins:
- {{- toYaml .Values.wasmPlugins.plugins | nindent 8 }}
- {{- end }}
- deployment:
- role: traditional
- role_traditional:
- config_provider: etcd
- admin:
- allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- {{- if .Values.admin.allow.ipList }}
- {{- range $ips := .Values.admin.allow.ipList }}
- - {{ $ips }}
- {{- end }}
- {{- else }}
- - 0.0.0.0/0
- {{- end}}
- {{- if or (index .Values "ingress-controller" "enabled") .Values.dashboard.enabled }}
- - 0.0.0.0/0
- {{- end}}
- # - "::/64"
- {{- if .Values.admin.enabled }}
- admin_listen:
- ip: 0.0.0.0
- port: {{ .Values.admin.port }}
- {{- end }}
- # Default token when use API to call for Admin API.
- # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
- # Disabling this configuration item means that the Admin API does not
- # require any authentication.
- admin_key:
- # admin: can everything for configuration data
- - name: "admin"
- key: {{ .Values.admin.credentials.admin }}
- role: admin
- # viewer: only can view configuration data
- - name: "viewer"
- key: {{ .Values.admin.credentials.viewer }}
- role: viewer
- etcd:
- {{- if .Values.etcd.enabled }}
- host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- {{- if .Values.etcd.fullnameOverride }}
- - "{{ include "apisix.etcd.auth.scheme" . }}://{{ .Values.etcd.fullnameOverride }}:{{ .Values.etcd.service.port }}"
- {{- else }}
- - "{{ include "apisix.etcd.auth.scheme" . }}://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }}:{{ .Values.etcd.service.port }}"
- {{- end}}
+ {{- if not $isBeta }}
+ etcd:
+ {{- if .Values.etcd.enabled }}
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ {{- if .Values.etcd.fullnameOverride }}
+ - "{{ include "apisix.etcd.auth.scheme" . }}://{{ .Values.etcd.fullnameOverride }}:{{ .Values.etcd.service.port }}"
{{- else }}
- host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- {{- range $value := .Values.etcd.host }}
- - "{{ $value }}" # multiple etcd address
- {{- end}}
- {{- end }}
- prefix: {{ .Values.etcd.prefix | quote }} # configuration prefix in etcd
- timeout: {{ .Values.etcd.timeout }} # 30 seconds
- {{- if .Values.etcd.auth.rbac.create }}
- user: {{ .Values.etcd.auth.rbac.user | quote }}
- password: {{ .Values.etcd.auth.rbac.password | quote }}
- {{- end }}
- {{- if .Values.etcd.auth.tls.enabled }}
- tls:
- cert: "/etcd-ssl/{{ .Values.etcd.auth.tls.certFilename }}"
- key: "/etcd-ssl/{{ .Values.etcd.auth.tls.certKeyFilename }}"
- verify: {{ .Values.etcd.auth.tls.verify }}
- sni: "{{ .Values.etcd.auth.tls.sni }}"
- {{- end }}
+ - "{{ include "apisix.etcd.auth.scheme" . }}://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }}:{{ .Values.etcd.service.port }}"
+ {{- end}}
+ {{- else }}
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ {{- range $value := .Values.etcd.host }}
+ - "{{ $value }}" # multiple etcd address
+ {{- end}}
+ {{- end }}
+ prefix: {{ .Values.etcd.prefix | quote }} # apisix configurations prefix
+ timeout: {{ .Values.etcd.timeout }} # 30 seconds
+ {{- if .Values.etcd.auth.rbac.create }}
+ user: {{ .Values.etcd.auth.rbac.user | quote }}
+ password: {{ .Values.etcd.auth.rbac.password | quote }}
{{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ tls:
+ cert: "/etcd-ssl/{{ .Values.etcd.auth.tls.certFilename }}"
+ key: "/etcd-ssl/{{ .Values.etcd.auth.tls.certKeyFilename }}"
+ verify: {{ .Values.etcd.auth.tls.verify }}
+ sni: "{{ .Values.etcd.auth.tls.sni }}"
{{- end }}
- {{- else }}
- config.yaml: |-
- #
- # Licensed to the Apache Software Foundation (ASF) under one or more
- # contributor license agreements. See the NOTICE file distributed with
- # this work for additional information regarding copyright ownership.
- # The ASF licenses this file to You under the Apache License, Version 2.0
- # (the "License"); you may not use this file except in compliance with
- # the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- apisix:
- node_listen: {{ .Values.gateway.http.containerPort }} # APISIX listening port
- enable_heartbeat: true
- enable_admin: {{ .Values.admin.enabled }}
- enable_admin_cors: {{ .Values.admin.cors }}
- enable_debug: false
- {{- if or .Values.customPlugins.enabled .Values.apisix.luaModuleHook.enabled }}
- extra_lua_path: {{ .Values.customPlugins.luaPath }};{{ .Values.apisix.luaModuleHook.luaPath }}
- {{- end }}
+ {{- end }}
- {{- if .Values.apisix.luaModuleHook.enabled }}
- lua_module_hook: {{ .Values.apisix.luaModuleHook.hookPoint | quote }}
- {{- end }}
+ {{- if .Values.discovery.enabled }}
+ discovery:
+ {{- range $key, $value := .Values.discovery.registry }}
+ {{ $key }}:
+ {{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.vault.enabled }}
+ vault:
+ host: {{ .Values.vault.host }}
+ timeout: {{ .Values.vault.timeout }}
+ token: {{ .Values.vault.token }}
+ prefix: {{ .Values.vault.prefix }}
+ {{- end }}
- enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
- enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
- enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver
- enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header
- config_center: etcd # etcd: use etcd to store the config value
- # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
+ {{- if .Values.plugins }}
+ plugins: # plugin list
+ {{- range $plugin := .Values.plugins }}
+ - {{ $plugin }}
+ {{- end }}
+ {{- if .Values.customPlugins.enabled }}
+ {{- range $plugin := .Values.customPlugins.plugins }}
+ - {{ $plugin.name }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ stream_plugins:
+ {{- range $plugin := .Values.stream_plugins }}
+ - {{ $plugin }}
+ {{- end }}
- #proxy_protocol: # Proxy Protocol configuration
- # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
- # This port can only receive http request with proxy protocol, but node_listen & port_admin
- # can only receive http request. If you enable proxy protocol, you must use this port to
- # receive http request with proxy protocol
- # listen_https_port: 9182 # The port with proxy protocol for https
- # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
- # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
+ {{- if .Values.extPlugin.enabled }}
+ ext-plugin:
+ cmd:
+ {{- range $arg := .Values.extPlugin.cmd }}
+ - {{ $arg }}
+ {{- end }}
+ {{- end }}
- proxy_cache: # Proxy Caching configuration
- cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
- zones: # The parameters of a cache
- - name: disk_cache_one # The name of the cache, administrator can be specify
- # which cache to use by name in the admin api
- memory_size: 50m # The size of shared memory, it's used to store the cache index
- disk_size: 1G # The size of disk, it's used to store the cache data
- disk_path: "/tmp/disk_cache_one" # The path to store the cache data
- cache_levels: "1:2" # The hierarchy levels of a cache
- # - name: disk_cache_two
- # memory_size: 50m
- # disk_size: 1G
- # disk_path: "/tmp/disk_cache_two"
- # cache_levels: "1:2"
+ {{- if or .Values.pluginAttrs .Values.customPlugins.enabled .Values.serviceMonitor.enabled}}
+ {{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
+ {{- if gt (len ($pluginAttrs | fromYaml)) 0 }}
+ plugin_attr: {{- $pluginAttrs | nindent 6 }}
+ {{- end }}
+ {{- end }}
- allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
+ {{- if .Values.wasmPlugins.enabled }}
+ wasm:
+ plugins:
+ {{- toYaml .Values.wasmPlugins.plugins | nindent 8 }}
+ {{- end }}
+
+ {{- if $isBeta }}
+ deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
{{- if .Values.admin.allow.ipList }}
{{- range $ips := .Values.admin.allow.ipList }}
- {{ $ips }}
@@ -379,9 +327,10 @@ data:
{{- end}}
# - "::/64"
{{- if .Values.admin.enabled }}
- port_admin: {{ .Values.admin.port }}
+ admin_listen:
+ ip: 0.0.0.0
+ port: {{ .Values.admin.port }}
{{- end }}
-
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
# Disabling this configuration item means that the Admin API does not
@@ -395,122 +344,22 @@ data:
- name: "viewer"
key: {{ .Values.admin.credentials.viewer }}
role: viewer
- router:
- http: {{ .Values.apisix.httpRouter }} # radixtree_uri: match route by uri(base on radixtree)
- # radixtree_host_uri: match route by host + uri(base on radixtree)
- # radixtree_uri_with_parameter: match route by uri with parameters
- ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
- {{- if or (index .Values "ingress-controller" "enabled") (and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0))) }}
- stream_proxy: # TCP/UDP proxy
- only: {{ .Values.gateway.stream.only }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.tcp) 0) }}
- tcp: # TCP proxy port list
- {{- if gt (len .Values.gateway.stream.tcp) 0}}
- {{- range .Values.gateway.stream.tcp }}
- - {{ . }}
- {{- end }}
- {{- else}}
- - 9100
- {{- end }}
- {{- end }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.udp) 0) }}
- udp: # UDP proxy port list
- {{- if gt (len .Values.gateway.stream.udp) 0}}
- {{- range .Values.gateway.stream.udp }}
- - {{ . }}
- {{- end }}
- {{- else}}
- - 9200
- {{- end }}
- {{- end }}
- {{- end }}
- # dns_resolver:
- # {{- range $resolver := .Values.dns.resolvers }}
- # - {{ $resolver }}
- # {{- end }}
- dns_resolver_valid: {{.Values.dns.validity}}
- resolver_timeout: {{.Values.dns.timeout}}
- ssl:
- enable: {{ .Values.gateway.tls.enabled }}
- enable_http2: {{ .Values.gateway.tls.http2.enabled }}
- listen_port: {{ .Values.gateway.tls.containerPort }}
- ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
- ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RS [...]
- {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
- {{- end }}
-
- nginx_config: # config for render the template to genarate nginx.conf
- error_log: "{{ .Values.logs.errorLog }}"
- error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
- worker_processes: "{{ .Values.nginx.workerProcesses }}"
- enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
- worker_rlimit_nofile: {{ default "20480" .Values.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
- event:
- worker_connections: {{ default "10620" .Values.nginx.workerConnections }}
- {{- with .Values.nginx.envs }}
- envs:
- {{- range $env := . }}
- - {{ $env }}
- {{- end }}
- {{- end }}
- http:
- enable_access_log: {{ .Values.logs.enableAccessLog }}
- {{- if .Values.logs.enableAccessLog }}
- access_log: "{{ .Values.logs.accessLog }}"
- access_log_format: "{{ .Values.logs.accessLogFormat }}"
- access_log_format_escape: {{ .Values.logs.accessLogFormatEscape }}
- {{- end }}
- keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
- client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
- client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
- send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
- underscores_in_headers: "on" # default enables the use of underscores in client request header fields
- real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
- real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- - 127.0.0.1
- - 'unix:'
- {{- if .Values.apisix.customLuaSharedDicts }}
- custom_lua_shared_dict: # add custom shared cache to nginx.conf
- {{- range $dict := .Values.apisix.customLuaSharedDicts }}
- {{ $dict.name }}: {{ $dict.size }}
- {{- end }}
- {{- end }}
- {{- if .Values.configurationSnippet.main }}
- main_configuration_snippet: {{- toYaml .Values.configurationSnippet.main | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.httpStart }}
- http_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpStart | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.httpEnd }}
- http_end_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpEnd | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.httpSrv }}
- http_server_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpSrv | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.httpAdmin }}
- http_admin_configuration_snippet: {{ toYaml .Values.configurationSnippet.httpAdmin | indent 6 }}
- {{- end }}
- {{- if .Values.configurationSnippet.stream }}
- stream_configuration_snippet: {{- toYaml .Values.configurationSnippet.stream | indent 6 }}
- {{- end }}
-
etcd:
{{- if .Values.etcd.enabled }}
- host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
{{- if .Values.etcd.fullnameOverride }}
- "{{ include "apisix.etcd.auth.scheme" . }}://{{ .Values.etcd.fullnameOverride }}:{{ .Values.etcd.service.port }}"
{{- else }}
- "{{ include "apisix.etcd.auth.scheme" . }}://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }}:{{ .Values.etcd.service.port }}"
{{- end}}
{{- else }}
- host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
{{- range $value := .Values.etcd.host }}
- "{{ $value }}" # multiple etcd address
{{- end}}
{{- end }}
- prefix: {{ .Values.etcd.prefix | quote }} # apisix configurations prefix
- timeout: {{ .Values.etcd.timeout }} # 30 seconds
+ prefix: {{ .Values.etcd.prefix | quote }} # configuration prefix in etcd
+ timeout: {{ .Values.etcd.timeout }} # 30 seconds
{{- if .Values.etcd.auth.rbac.create }}
user: {{ .Values.etcd.auth.rbac.user | quote }}
password: {{ .Values.etcd.auth.rbac.password | quote }}
@@ -522,58 +371,6 @@ data:
verify: {{ .Values.etcd.auth.tls.verify }}
sni: "{{ .Values.etcd.auth.tls.sni }}"
{{- end }}
-
- {{- if .Values.discovery.enabled }}
- discovery:
- {{- range $key, $value := .Values.discovery.registry }}
- {{ $key }}:
- {{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 8 }}
- {{- end }}
- {{- end }}
-
- {{- if .Values.vault.enabled }}
- vault:
- host: {{ .Values.vault.host }}
- timeout: {{ .Values.vault.timeout }}
- token: {{ .Values.vault.token }}
- prefix: {{ .Values.vault.prefix }}
- {{- end }}
-
- {{- if .Values.plugins }}
- plugins: # plugin list
- {{- range $plugin := .Values.plugins }}
- - {{ $plugin }}
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- - {{ $plugin.name }}
- {{- end }}
- {{- end }}
- {{- end }}
- stream_plugins:
- {{- range $plugin := .Values.stream_plugins }}
- - {{ $plugin }}
- {{- end }}
-
- {{- if .Values.extPlugin.enabled }}
- ext-plugin:
- cmd:
- {{- range $arg := .Values.extPlugin.cmd }}
- - {{ $arg }}
- {{- end }}
- {{- end }}
-
- {{- if or .Values.pluginAttrs .Values.customPlugins.enabled .Values.serviceMonitor.enabled}}
- {{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
- {{- if gt (len $pluginAttrs) 0 }}
- plugin_attr: {{- $pluginAttrs | nindent 6 }}
- {{- end }}
- {{- end }}
- {{- if .Values.wasmPlugins.enabled }}
- wasm:
- plugins:
- {{- toYaml .Values.wasmPlugins.plugins | nindent 8 }}
- {{- end }}
- {{- end }}
-{{- end }}
+ {{- end }}
+ {{- end }}
{{- end }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index eeb9a27..72d7e45 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -76,6 +76,7 @@ apisix:
# kind is DaemonSet, replicaCount not become effective
replicaCount: 1
+ priorityClassName: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000