You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by zh...@apache.org on 2022/08/31 08:30:04 UTC
[apisix-helm-chart] branch master updated: feat: upgrade apisix-ingress-controller to 1.5.0-rc1 (#331)
This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 933c356 feat: upgrade apisix-ingress-controller to 1.5.0-rc1 (#331)
933c356 is described below
commit 933c356ddbcc42d27c0f7dc3d23610dda3d9092f
Author: Gallardot <tt...@163.com>
AuthorDate: Wed Aug 31 16:29:59 2022 +0800
feat: upgrade apisix-ingress-controller to 1.5.0-rc1 (#331)
Co-authored-by: Jintao Zhang <zh...@gmail.com>
---
charts/apisix-ingress-controller/Chart.yaml | 10 +-
.../crds/customresourcedefinitions.yaml | 1494 +++++++++++++++++---
.../templates/configmap.yaml | 1 +
.../apisix-ingress-controller/templates/rbac.yaml | 96 +-
charts/apisix-ingress-controller/values.yaml | 10 +-
5 files changed, 1330 insertions(+), 281 deletions(-)
diff --git a/charts/apisix-ingress-controller/Chart.yaml b/charts/apisix-ingress-controller/Chart.yaml
index 69291fa..870a18d 100644
--- a/charts/apisix-ingress-controller/Chart.yaml
+++ b/charts/apisix-ingress-controller/Chart.yaml
@@ -24,8 +24,14 @@ keywords:
- nginx
- crd
type: application
-version: 0.9.3
-appVersion: 1.4.1
+version: 0.10.0-rc1
+appVersion: 1.5.0-rc1
+sources:
+ - https://github.com/apache/apisix-helm-chart
maintainers:
- name: tao12345666333
+
+# ref: https://artifacthub.io/docs/topics/annotations/helm/
+annotations:
+ artifacthub.io/prerelease: "true"
diff --git a/charts/apisix-ingress-controller/crds/customresourcedefinitions.yaml b/charts/apisix-ingress-controller/crds/customresourcedefinitions.yaml
index 399fe93..3c0d034 100644
--- a/charts/apisix-ingress-controller/crds/customresourcedefinitions.yaml
+++ b/charts/apisix-ingress-controller/crds/customresourcedefinitions.yaml
@@ -31,6 +31,45 @@ spec:
preserveUnknownFields: false
scope: Cluster
versions:
+ - name: v2
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ admin:
+ type: object
+ required:
+ - baseURL
+ properties:
+ baseURL:
+ type: string
+ pattern: "https?://[^:]+:(\\d+)"
+ adminKey:
+ type: string
+ monitoring:
+ type: object
+ properties:
+ prometheus:
+ type: object
+ properties:
+ enable:
+ type: boolean
+ skywalking:
+ type: object
+ properties:
+ enable:
+ type: boolean
+ sampleRatio:
+ type: number
+ minimum: 0.00001
+ maximum: 1
- name: v2beta3
schema:
openAPIV3Schema:
@@ -67,7 +106,8 @@ spec:
type: object
type: object
served: true
- storage: true
+ storage: false
+ deprecated: true
subresources:
status: {}
- name: v2alpha1
@@ -128,6 +168,174 @@ spec:
preserveUnknownFields: false
scope: Namespaced
versions:
+ - name: v2
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ required:
+ - authParameter
+ properties:
+ authParameter:
+ type: object
+ oneOf:
+ - required: ["basicAuth"]
+ - required: ["keyAuth"]
+ - required: ["wolfRBAC"]
+ - required: ["jwtAuth"]
+ - required: ["hmacAuth"]
+ properties:
+ basicAuth:
+ type: object
+ oneOf:
+ - required: ["value"]
+ - required: ["secretRef"]
+ properties:
+ value:
+ type: object
+ properties:
+ username:
+ type: string
+ minLength: 1
+ password:
+ type: string
+ minLength: 1
+ required:
+ - username
+ - password
+ secretRef:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ required:
+ - name
+ keyAuth:
+ type: object
+ oneOf:
+ - required: ["value"]
+ - required: ["secretRef"]
+ properties:
+ value:
+ type: object
+ properties:
+ key:
+ type: string
+ minLength: 1
+ required:
+ - key
+ secretRef:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ required:
+ - name
+ jwtAuth:
+ type: object
+ oneOf:
+ - required: ["value"]
+ - required: ["secretRef"]
+ properties:
+ value:
+ type: object
+ properties:
+ key:
+ type: string
+ minLength: 1
+ secret:
+ type: string
+ public_key:
+ type: string
+ private_key:
+ type: string
+ algorithm:
+ type: string
+ exp:
+ type: integer
+ base64_secret:
+ type: boolean
+ required:
+ - key
+ secretRef:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ required:
+ - name
+ wolfRBAC:
+ type: object
+ oneOf:
+ - required: ["value"]
+ - required: ["secretRef"]
+ properties:
+ value:
+ type: object
+ properties:
+ server:
+ type: string
+ appid:
+ type: string
+ header_prefix:
+ type: string
+ secretRef:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ required:
+ - name
+ hmacAuth:
+ type: object
+ oneOf:
+ - required: ["value"]
+ - required: ["secretRef"]
+ properties:
+ value:
+ type: object
+ properties:
+ access_key:
+ type: string
+ secret_key:
+ type: string
+ algorithm:
+ type: string
+ clock_skew:
+ type: integer
+ signed_headers:
+ type: array
+ items:
+ type: string
+ keep_headers:
+ type: boolean
+ encode_uri_params:
+ type: boolean
+ validate_request_body:
+ type: boolean
+ max_req_body:
+ type: integer
+ required:
+ - access_key
+ - secret_key
+ secretRef:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ required:
+ - name
- name: v2beta3
schema:
openAPIV3Schema:
@@ -199,7 +407,8 @@ spec:
type: object
type: object
served: true
- storage: true
+ storage: false
+ deprecated: true
subresources:
status: {}
- name: v2alpha1
@@ -294,12 +503,65 @@ spec:
singular: apisixpluginconfig
scope: Namespaced
versions:
- - additionalPrinterColumns:
+ - name: v2
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ priority: 0
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ required:
+ - plugins
+ properties:
+ plugins:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ enable:
+ type: boolean
+ config:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true # we have to enable it since plugin config
+ required:
+ - name
+ - enable
+ status:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ "type":
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ message:
+ type: string
+ observedGeneration:
+ type: integer
+ - name: v2beta3
+ additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
priority: 0
type: date
- name: v2beta3
schema:
openAPIV3Schema:
properties:
@@ -344,7 +606,8 @@ spec:
type: object
type: object
served: true
- storage: true
+ storage: false
+ deprecated: true
subresources:
status: {}
---
@@ -364,7 +627,8 @@ spec:
singular: apisixroute
scope: Namespaced
versions:
- - additionalPrinterColumns:
+ - name: v2beta1
+ additionalPrinterColumns:
- jsonPath: .spec.http[].match.hosts
name: Hosts
priority: 0
@@ -389,8 +653,6 @@ spec:
name: Age
priority: 0
type: date
- deprecated: true
- name: v2beta1
schema:
openAPIV3Schema:
properties:
@@ -716,11 +978,13 @@ spec:
type: array
type: object
type: object
- served: true
+ served: false
storage: false
+ deprecated: true
subresources:
status: {}
- - additionalPrinterColumns:
+ - name: v2beta2
+ additionalPrinterColumns:
- jsonPath: .spec.http[].match.hosts
name: Hosts
priority: 0
@@ -745,7 +1009,6 @@ spec:
name: Age
priority: 0
type: date
- name: v2beta2
schema:
openAPIV3Schema:
properties:
@@ -999,9 +1262,11 @@ spec:
type: object
served: true
storage: false
+ deprecated: true
subresources:
status: {}
- - additionalPrinterColumns:
+ - name: v2beta3
+ additionalPrinterColumns:
- jsonPath: .spec.http[].match.hosts
name: Hosts
priority: 0
@@ -1026,7 +1291,6 @@ spec:
name: Age
priority: 0
type: date
- name: v2beta3
schema:
openAPIV3Schema:
properties:
@@ -1282,44 +1546,649 @@ spec:
type: object
type: object
served: true
+ storage: false
+ deprecated: true
+ subresources:
+ status: {}
+ - name: v2
+ served: true
storage: true
subresources:
status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- labels:
- apisix.apache.org/app: ingress-apisix
- name: apisixtlses.apisix.apache.org
-spec:
- group: apisix.apache.org
- names:
- kind: ApisixTls
- plural: apisixtlses
- shortNames:
- - atls
- singular: apisixtls
- preserveUnknownFields: false
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.hosts
- name: SNIs
+ additionalPrinterColumns:
+ - jsonPath: .spec.http[].match.hosts
+ name: Hosts
type: string
- - jsonPath: .spec.secret.name
- name: Secret Name
+ priority: 0
+ - jsonPath: .spec.http[].match.paths
+ name: URIs
type: string
- - jsonPath: .spec.secret.namespace
- name: Secret Namespace
+ priority: 0
+ - jsonPath: .spec.http[].backends[].serviceName
+ name: Target Service(HTTP)
type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v2beta3
- schema:
- openAPIV3Schema:
- description: ApisixTls defines SSL resource in APISIX.
+ priority: 1
+ - jsonPath: .spec.tcp[].match.ingressPort
+ name: Ingress Server Port(TCP)
+ type: integer
+ priority: 1
+ - jsonPath: .spec.tcp[].match.backend.serviceName
+ name: Target Service(TCP)
+ type: string
+ priority: 1
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ priority: 0
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ anyOf:
+ - required: ["http"]
+ - required: ["stream"]
+ properties:
+ http:
+ type: array
+ minItems: 1
+ items:
+ type: object
+ required: ["name", "match", "backends"]
+ properties:
+ name:
+ type: string
+ minLength: 1
+ priority:
+ type: integer
+ timeout:
+ type: object
+ properties:
+ connect:
+ type: string
+ send:
+ type: string
+ read:
+ type: string
+ match:
+ type: object
+ required:
+ - paths
+ properties:
+ paths:
+ type: array
+ minItems: 1
+ items:
+ type: string
+ pattern: "^/[a-zA-Z0-9\\-._~%!$&'()+,;=:@/]*\\*?$"
+ hosts:
+ type: array
+ minItems: 1
+ items:
+ type: string
+ pattern: "^\\*?[0-9a-zA-Z-._]+$"
+ methods:
+ type: array
+ minItems: 1
+ items:
+ type: string
+ enum:
+ - "CONNECT"
+ - "DELETE"
+ - "GET"
+ - "HEAD"
+ - "OPTIONS"
+ - "PATCH"
+ - "POST"
+ - "PUT"
+ - "TRACE"
+ remoteAddrs:
+ type: array
+ minItems: 1
+ items:
+ type: string
+ exprs:
+ type: array
+ minItems: 1
+ items:
+ type: object
+ properties:
+ subject:
+ type: object
+ properties:
+ scope:
+ type: string
+ enum:
+ - "Cookie"
+ - "Header"
+ - "Path"
+ - "Query"
+ name:
+ type: string
+ minLength: 1
+ required:
+ - scope
+ op:
+ type: string
+ enum:
+ - Equal
+ - NotEqual
+ - GreaterThan
+ - LessThan
+ - In
+ - NotIn
+ - RegexMatch
+ - RegexNotMatch
+ - RegexMatchCaseInsensitive
+ - RegexNotMatchCaseInsensitive
+ value:
+ type: string
+ set:
+ type: array
+ items:
+ type: string
+ oneOf:
+ - required: ["subject", "op", "value"]
+ - required: ["subject", "op", "set"]
+ websocket:
+ type: boolean
+ plugin_config_name:
+ type: string
+ minLength: 1
+ backends:
+ type: array
+ minItems: 1
+ items:
+ type: object
+ properties:
+ serviceName:
+ type: string
+ minLength: 1
+ servicePort:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resolveGranularity:
+ type: string
+ enum: ["endpoint", "service"]
+ weight:
+ type: integer
+ minimum: 0
+ subset:
+ type: string
+ required:
+ - serviceName
+ - servicePort
+ plugins:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ enable:
+ type: boolean
+ config:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true # we have to enable it since plugin config
+ required:
+ - name
+ - enable
+ authentication:
+ type: object
+ properties:
+ enable:
+ type: boolean
+ type:
+ type: string
+ enum:
+ - "basicAuth"
+ - "keyAuth"
+ - "jwtAuth"
+ - "wolfRBAC"
+ - "hmacAuth"
+ keyAuth:
+ type: object
+ properties:
+ header:
+ type: string
+ jwtAuth:
+ type: object
+ properties:
+ header:
+ type: string
+ query:
+ type: string
+ cookie:
+ type: string
+ required:
+ - enable
+ stream:
+ type: array
+ minItems: 1
+ items:
+ type: object
+ required: ["name", "match", "backend", "protocol"]
+ properties:
+ "protocol":
+ type: string
+ enum: ["TCP", "UDP"]
+ name:
+ type: string
+ minLength: 1
+ match:
+ type: object
+ properties:
+ ingressPort:
+ type: integer
+ minimum: 1
+ maximum: 65535
+ required:
+ - ingressPort
+ backend:
+ type: object
+ properties:
+ serviceName:
+ type: string
+ minLength: 1
+ servicePort:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ resolveGranularity:
+ type: string
+ enum: ["endpoint", "service"]
+ subset:
+ type: string
+ required:
+ - serviceName
+ - servicePort
+ plugins:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ enable:
+ type: boolean
+ config:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true # we have to enable it since plugin config
+ required:
+ - name
+ - enable
+ status:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ "type":
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ message:
+ type: string
+ observedGeneration:
+ type: integer
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ apisix.apache.org/app: ingress-apisix
+ name: apisixtlses.apisix.apache.org
+spec:
+ group: apisix.apache.org
+ names:
+ kind: ApisixTls
+ plural: apisixtlses
+ shortNames:
+ - atls
+ singular: apisixtls
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v2
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - jsonPath: .spec.hosts
+ name: SNIs
+ type: string
+ - jsonPath: .spec.secret.name
+ name: Secret Name
+ type: string
+ - jsonPath: .spec.secret.namespace
+ name: Secret Namespace
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: ApisixTls defines SSL resource in APISIX.
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApisixTlsSpec is the specification of ApisixSSL.
+ type: object
+ required:
+ - hosts
+ - secret
+ properties:
+ client:
+ description: ApisixMutualTlsClientConfig describes the mutual TLS CA
+ and verify depth
+ type: object
+ properties:
+ caSecret:
+ description: ApisixSecret describes the Kubernetes Secret name and
+ namespace.
+ type: object
+ required:
+ - name
+ - namespace
+ properties:
+ name:
+ type: string
+ minLength: 1
+ namespace:
+ type: string
+ minLength: 1
+ depth:
+ type: integer
+ hosts:
+ type: array
+ minItems: 1
+ items:
+ type: string
+ pattern: ^\*?[0-9a-zA-Z-.]+$
+ secret:
+ description: ApisixSecret describes the Kubernetes Secret name and namespace.
+ type: object
+ required:
+ - name
+ - namespace
+ properties:
+ name:
+ type: string
+ minLength: 1
+ namespace:
+ type: string
+ minLength: 1
+ status:
+ description: ApisixStatus is the status report for Apisix ingress Resources
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a foo's
+ current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type //
+ +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ type: object
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ type: string
+ format: date-time
+ message:
+ description: message is a human readable message indicating details
+ about the transition. This may be an empty string.
+ type: string
+ maxLength: 32768
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ type: integer
+ format: int64
+ minimum: 0
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers of
+ specific condition types may define expected values and meanings
+ for this field, and whether the values are considered a guaranteed
+ API. The value should be a CamelCase string. This field may
+ not be empty.
+ type: string
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ type: string
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ - name: v2beta3
+ additionalPrinterColumns:
+ - jsonPath: .spec.hosts
+ name: SNIs
+ type: string
+ - jsonPath: .spec.secret.name
+ name: Secret Name
+ type: string
+ - jsonPath: .spec.secret.namespace
+ name: Secret Namespace
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: ApisixTls defines SSL resource in APISIX.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApisixTlsSpec is the specification of ApisixSSL.
+ properties:
+ client:
+ description: ApisixMutualTlsClientConfig describes the mutual TLS
+ CA and verify depth
+ properties:
+ caSecret:
+ description: ApisixSecret describes the Kubernetes Secret name
+ and namespace.
+ properties:
+ name:
+ minLength: 1
+ type: string
+ namespace:
+ minLength: 1
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ depth:
+ type: integer
+ type: object
+ hosts:
+ items:
+ pattern: ^\*?[0-9a-zA-Z-.]+$
+ type: string
+ minItems: 1
+ type: array
+ secret:
+ description: ApisixSecret describes the Kubernetes Secret name and
+ namespace.
+ properties:
+ name:
+ minLength: 1
+ type: string
+ namespace:
+ minLength: 1
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - hosts
+ - secret
+ type: object
+ status:
+ description: ApisixStatus is the status report for Apisix ingress Resources
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: false
+ deprecated: true
+ subresources:
+ status: {}
+ - name: v1
+ additionalPrinterColumns:
+ - jsonPath: .spec.hosts
+ name: SNIs
+ type: string
+ - jsonPath: .spec.secret.name
+ name: Secret Name
+ type: string
+ - jsonPath: .spec.secret.namespace
+ name: Secret Namespace
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: ApisixTls defines SSL resource in APISIX.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -1455,184 +2324,400 @@ spec:
type: array
type: object
type: object
+ served: false
+ storage: false
+ deprecated: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ apisix.apache.org/app: ingress-apisix
+ name: apisixupstreams.apisix.apache.org
+spec:
+ group: apisix.apache.org
+ names:
+ kind: ApisixUpstream
+ plural: apisixupstreams
+ shortNames:
+ - au
+ singular: apisixupstream
+ scope: Namespaced
+ versions:
+ - name: v2
served: true
storage: true
subresources:
status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.hosts
- name: SNIs
- type: string
- - jsonPath: .spec.secret.name
- name: Secret Name
- type: string
- - jsonPath: .spec.secret.namespace
- name: Secret Namespace
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1
schema:
openAPIV3Schema:
- description: ApisixTls defines SSL resource in APISIX.
+ type: object
properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
spec:
- description: ApisixTlsSpec is the specification of ApisixSSL.
+ type: object
properties:
- client:
- description: ApisixMutualTlsClientConfig describes the mutual TLS
- CA and verify depth
+ subsets:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 1
+ labels:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required: ["name", "labels"]
+ loadbalancer:
+ type: object
properties:
- caSecret:
- description: ApisixSecret describes the Kubernetes Secret name
- and namespace.
+ type:
+ type: string
+ enum:
+ - roundrobin
+ - chash
+ - ewma
+ - least_conn
+ hashOn:
+ type: string
+ enum:
+ - vars
+ - vars_combinations
+ - header
+ - cookie
+ - consumer
+ key:
+ type: string
+ required:
+ - type
+ scheme:
+ type: string
+ enum:
+ - http
+ - grpc
+ - https
+ - grpcs
+ retries:
+ type: integer
+ minimum: 0
+ timeout:
+ type: object
+ properties:
+ connect:
+ type: string
+ read:
+ type: string
+ send:
+ type: string
+ tlsSecret:
+ description: ApisixSecret describes the Kubernetes Secret name and namespace.
+ type: object
+ required:
+ - name
+ - namespace
+ properties:
+ name:
+ type: string
+ minLength: 1
+ namespace:
+ type: string
+ minLength: 1
+ healthCheck:
+ type: object
+ anyOf:
+ - required:
+ - active
+ - required:
+ - active
+ - passive
+ properties:
+ active:
+ type: object
properties:
- name:
- minLength: 1
+ type:
type: string
- namespace:
- minLength: 1
+ enum:
+ - http
+ - https
+ - tcp
+ timeout:
+ type: number
+ minimum: 0
+ concurrency:
+ type: integer
+ minimum: 1
+ host:
type: string
- required:
- - name
- - namespace
+ pattern: "^\\*?[0-9a-zA-Z-._]+$"
+ port:
+ type: integer
+ minimum: 1
+ maximum: 65535
+ httpPath:
+ type: string
+ minLength: 1
+ strictTLS:
+ type: boolean
+ requestHeaders:
+ type: array
+ minItems: 1
+ items:
+ type: string
+ healthy:
+ type: object
+ properties:
+ interval:
+ type: string
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ successes:
+ type: integer
+ minimum: 1
+ maximum: 254
+ unhealthy:
+ type: object
+ properties:
+ interval:
+ type: string
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ httpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ tcpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ timeouts:
+ type: integer
+ minimum: 0
+ passive:
type: object
- depth:
- type: integer
- type: object
- hosts:
- items:
- pattern: ^\*?[0-9a-zA-Z-.]+$
- type: string
- minItems: 1
+ properties:
+ type:
+ type: string
+ enum:
+ - http
+ - https
+ - tcp
+ healthy:
+ type: object
+ properties:
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ successes:
+ type: integer
+ minimum: 1
+ maximum: 254
+ unhealthy:
+ type: object
+ properties:
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ httpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ tcpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ timeouts:
+ type: integer
+ minimum: 0
+ portLevelSettings:
type: array
- secret:
- description: ApisixSecret describes the Kubernetes Secret name and
- namespace.
- properties:
- name:
- minLength: 1
- type: string
- namespace:
- minLength: 1
- type: string
- required:
- - name
- - namespace
- type: object
- required:
- - hosts
- - secret
- type: object
- status:
- description: ApisixStatus is the status report for Apisix ingress Resources
- properties:
- conditions:
items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
+ type: object
properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
+ port:
type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ minimum: 1
+ maximum: 65535
+ loadbalancer:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - roundrobin
+ - chash
+ - ewma
+ - least_conn
+ hashOn:
+ type: string
+ enum:
+ - vars
+ - vars_combinations
+ - header
+ - cookie
+ - consumer
+ key:
+ type: string
+ required:
+ - type
+ scheme:
type: string
- status:
- description: status of the condition, one of True, False, Unknown.
enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- type: object
- type: object
- served: false
- storage: false
- deprecated: true
- subresources:
- status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- labels:
- apisix.apache.org/app: ingress-apisix
- name: apisixupstreams.apisix.apache.org
-spec:
- group: apisix.apache.org
- names:
- kind: ApisixUpstream
- plural: apisixupstreams
- shortNames:
- - au
- singular: apisixupstream
- scope: Namespaced
- versions:
+ - http
+ - grpc
+ retries:
+ type: integer
+ minimum: 0
+ timeout:
+ type: object
+ properties:
+ connect:
+ type: string
+ read:
+ type: string
+ send:
+ type: string
+ healthCheck:
+ type: object
+ anyOf:
+ - required:
+ - active
+ - required:
+ - active
+ - passive
+ properties:
+ active:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - http
+ - https
+ - tcp
+ timeout:
+ type: number
+ minimum: 0
+ concurrency:
+ type: integer
+ minimum: 1
+ host:
+ type: string
+ pattern: "^\\*?[0-9a-zA-Z-._]+$"
+ port:
+ type: integer
+ minimum: 1
+ maximum: 65535
+ httpPath:
+ type: string
+ minLength: 1
+ strictTLS:
+ type: boolean
+ requestHeaders:
+ type: array
+ minItems: 1
+ items:
+ type: string
+ healthy:
+ type: object
+ properties:
+ interval:
+ type: string
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ successes:
+ type: integer
+ minimum: 1
+ maximum: 254
+ unhealthy:
+ type: object
+ properties:
+ interval:
+ type: string
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ httpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ tcpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ timeout:
+ type: string
+ passive:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - http
+ - https
+ - tcp
+ healthy:
+ type: object
+ properties:
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ successes:
+ type: integer
+ minimum: 1
+ maximum: 254
+ unhealthy:
+ type: object
+ properties:
+ httpCodes:
+ type: array
+ minItems: 1
+ items:
+ type: integer
+ minimum: 200
+ maximum: 599
+ httpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ tcpFailures:
+ type: integer
+ minimum: 1
+ maximum: 254
+ timeout:
+ type: string
- name: v2beta3
schema:
openAPIV3Schema:
@@ -2005,7 +3090,8 @@ spec:
type: object
type: object
served: true
- storage: true
+ storage: false
+ deprecated: true
subresources:
status: {}
- name: v1
diff --git a/charts/apisix-ingress-controller/templates/configmap.yaml b/charts/apisix-ingress-controller/templates/configmap.yaml
index 2380117..9b67b27 100644
--- a/charts/apisix-ingress-controller/templates/configmap.yaml
+++ b/charts/apisix-ingress-controller/templates/configmap.yaml
@@ -32,6 +32,7 @@ data:
{{- end }}
{{- end }}
enable_profiling: {{ .Values.config.enableProfiling }}
+ apisix-resource-sync-interval: {{ .Values.config.apisixResourceSyncInterval }}
kubernetes:
kubeconfig: {{ .Values.config.kubernetes.kubeconfig | quote }}
resync_interval: {{ .Values.config.kubernetes.resyncInterval | quote }}
diff --git a/charts/apisix-ingress-controller/templates/rbac.yaml b/charts/apisix-ingress-controller/templates/rbac.yaml
index fd30dae..4af2082 100644
--- a/charts/apisix-ingress-controller/templates/rbac.yaml
+++ b/charts/apisix-ingress-controller/templates/rbac.yaml
@@ -25,38 +25,19 @@ rules:
resources:
- events
verbs:
- - '*'
+ - "*"
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- - persistentvolumeclaims
- pods
- - replicationcontrollers
- - replicationcontrollers/scale
- - serviceaccounts
- services
- secrets
verbs:
- get
- list
- watch
- - apiGroups:
- - ""
- resources:
- - bindings
- - limitranges
- - namespaces/status
- - pods/log
- - pods/status
- - replicationcontrollers/status
- - resourcequotas
- - resourcequotas/status
- verbs:
- - get
- - list
- - watch
- apiGroups:
- ""
resources:
@@ -66,54 +47,17 @@ rules:
- list
- watch
- apiGroups:
- - apps
- resources:
- - controllerrevisions
- - daemonsets
- - deployments
- - deployments/scale
- - replicasets
- - replicasets/scale
- - statefulsets
- - statefulsets/scale
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - batch
+ - extensions
resources:
- - cronjobs
- - jobs
+ - ingresses
verbs:
- get
- list
- watch
- apiGroups:
- - extensions
+ - networking.k8s.io
resources:
- - daemonsets
- - deployments
- - deployments/scale
- ingresses
- - networkpolicies
- - replicasets
- - replicasets/scale
- - replicationcontrollers/scale
- verbs:
- - '*'
- - apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
verbs:
- get
- list
@@ -121,19 +65,9 @@ rules:
- apiGroups:
- networking.k8s.io
resources:
- - ingresses
- ingresses/status
- - networkpolicies
verbs:
- - '*'
- - apiGroups:
- - metrics.k8s.io
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
+ - update
- apiGroups:
- apisix.apache.org
resources:
@@ -165,6 +99,26 @@ rules:
- get
- list
- watch
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - httproutes
+ - tlsroutes
+ - gateways
+ - gatewayclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - httproutes/status
+ - tlsroutes/status
+ - gateways/status
+ - gatewayclasses/status
+ verbs:
+ - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml
index 456e108..7e0c4c1 100644
--- a/charts/apisix-ingress-controller/values.yaml
+++ b/charts/apisix-ingress-controller/values.yaml
@@ -42,7 +42,7 @@ replicaCount: 1
image:
repository: apache/apisix-ingress-controller
pullPolicy: IfNotPresent
- tag: "1.4.1"
+ tag: "1.5.0-rc1"
podAnnotations: {}
@@ -83,6 +83,8 @@ config:
ingressStatusAddress: []
# enable profiling via web interfaces host:port/debug/pprof, default is true.
enableProfiling: true
+ # Default interval for synchronizing Kubernetes resources to APISIX
+ apisixResourceSyncInterval: "300s"
# Kubernetes related configurations.
kubernetes:
# the Kubernetes configuration file path, default is "", so the in-cluster
@@ -112,9 +114,9 @@ config:
ingressVersion: "networking/v1"
# whether to watch EndpointSlices rather than Endpoints.
watchEndpointSlices: false
- # the supported apisixroute api group version, can be "apisix.apache.org/v2beta1"
- # "apisix.apache.org/v2beta2" or "apisix.apache.org/v2beta3"
- apisixRouteVersion: "apisix.apache.org/v2beta3"
+ # the supported apisixroute api group version, can be "apisix.apache.org/v2"
+ # "apisix.apache.org/v2beta3" or "apisix.apache.org/v2beta2"
+ apisixRouteVersion: "apisix.apache.org/v2"
# whether to enable support for Gateway API.
# Note: This feature is currently under development and may not work as expected.
# It is not recommended to use it in a production environment.