You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/09/26 07:51:31 UTC
[GitHub] [apisix] superwjc opened a new issue #5138: bug: set stream_routes with api returns "400 Bad Request"
superwjc opened a new issue #5138:
URL: https://github.com/apache/apisix/issues/5138
### Issue description
I have apisix-0.4.0 and apisix-ingress-controller-0.7.0 installed from local ".tgz" with helm, with the "stream_proxy" enabled, as described at [https://apisix.apache.org/docs/apisix/stream-proxy](url). Setting upstreams and routes with api was as intend, but setting stream_routes returns "400 Bad Request".
### Environment
- apisix version (cmd: `apisix version`):
```
kubectl -n apisix \
exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') \
-- apisix version
```
```
Defaulted container "apisix" out of: apisix, wait-etcd (init)
/usr/local/openresty/luajit/bin/luajit ./apisix/cli/apisix.lua version
2.7
```
- OS (cmd: `uname -a`):
```
uname -a
```
```
Linux k8s-master-2 3.10.0-1160.42.2.el7.x86_64 #1 SMP Tue Sep 7 14:49:57 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
```
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
```
kubectl -n apisix \
exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') \
-- nginx -V
```
```
Defaulted container "apisix" out of: apisix, wait-etcd (init)
nginx version: openresty/1.19.3.1
built by gcc 10.2.1 20201203 (Alpine 10.2.1_pre1)
built with OpenSSL 1.1.1k 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt='-O2 -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.19 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.15 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.9 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -L/usr/local/openresty/pcre/l
ib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' --with-pcre --with-compat --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-ipv6 --with-mail --with-mail_ssl_module --with-md5-asm --with-pcre-jit --with-sha1-asm --with-stream --with-stream_ssl_module --with-threads --with-stream --with-stream_ssl_preread_module
```
- etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
```
kubectl exec -it -n apisix apisix-etcd-0 -- etcdctl version
```
```
etcdctl version: 3.4.16
API version: 3.4
```
- apisix-dashboard version, if have:
- the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner):
- luarocks version, if the issue is about installation (cmd: `luarocks --version`):
```
kubectl -n apisix \
exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') \
-- luarocks --version
```
```
Defaulted container "apisix" out of: apisix, wait-etcd (init)
/usr/local/openresty/luajit/bin/luarocks 3.7.0
LuaRocks main command-line interface
```
### Steps to reproduce
**1. run helm install in dry-run and debug mode with the following settings:**
```
helm -n apisix install apisix apisix-0.4.0.tgz \
--create-namespace \
--set admin.allow.ipList="{0.0.0.0/0}" \
--set etcd.persistence.enabled=false \
--set apisix.stream_proxy.only=false \
--set apisix.stream_proxy.tcp[0].addr=9100 \
--set apisix.stream_proxy.tcp[0].tls=true \
--set apisix.stream_proxy.udp[0].addr=9200 \
--debug \
--dry-run
```
**the output contains the following snippet:**
```
...
USER-SUPPLIED VALUES:
...
apisix:
stream_proxy:
only: false
tcp:
- addr: 9100
tls: true
udp:
- addr: 9200
...
...
COMPUTED VALUES:
...
apisix:
...
stream_proxy:
only: false
tcp:
- addr: 9100
tls: true
udp:
- addr: 9200
```
**2. install apisix and apisix-ingress-controller:**
```
helm -n apisix install apisix apisix-0.4.0.tgz \
--create-namespace \
--set admin.allow.ipList="{0.0.0.0/0}" \
--set etcd.persistence.enabled=false \
--set apisix.stream_proxy.only=false \
--set apisix.stream_proxy.tcp[0].addr=9100 \
--set apisix.stream_proxy.tcp[0].tls=true \
--set apisix.stream_proxy.udp[0].addr=9200
```
```
helm -n apisix \
install apisix-ingress-controller apisix-ingress-controller-0.7.0.tgz \
--create-namespace
```
**all pods and services were ok, the admin address was 10.96.107.57:9180**
```
# kubectl -n apisix get pod,svc
NAME READY STATUS RESTARTS AGE
pod/apisix-7d65976d76-29lqv 1/1 Running 0 3m51s
pod/apisix-etcd-0 1/1 Running 0 3m51s
pod/apisix-etcd-1 1/1 Running 0 3m51s
pod/apisix-etcd-2 1/1 Running 0 3m51s
pod/apisix-ingress-controller-698c9cc86-phgqg 1/1 Running 0 65s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/apisix-admin ClusterIP 10.96.107.57 <none> 9180/TCP 3m52s
service/apisix-etcd ClusterIP 10.111.26.88 <none> 2379/TCP,2380/TCP 3m52s
service/apisix-etcd-headless ClusterIP None <none> 2379/TCP,2380/TCP 3m52s
service/apisix-gateway NodePort 10.111.3.230 <none> 80:32285/TCP 3m52s
service/apisix-ingress-controller ClusterIP 10.110.66.223 <none> 80/TCP 65s
```
**3. get the admin-key of the apisix pod:**
```
kubectl -n apisix \
exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') \
-- cat conf/config.yaml 2>/dev/null | \
grep '^\s*key: ' | sed -n '1p' | awk '{print $2}'
```
```
edd1c9f034335f136f87ad84b625c8f1
```
**4. set a route for test, no errors occured:**
```
curl -sS http://10.96.107.57:9180/apisix/admin/upstreams/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"nodes": {
"default.webserver:80": 100
},
"type": "roundrobin",
"scheme": "http"
}'
```
```
{"action":"set","node":{"value":{"update_time":1632640526,"type":"roundrobin","hash_on":"vars","create_time":1632640526,"pass_host":"pass","nodes":{"default.webserver:80":100},"scheme":"http","id":"1"},"key":"\/apisix\/upstreams\/1"}}
```
```
curl -sS http://10.96.107.57:9180/apisix/admin/upstreams -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X GET | jq
```
```
{
"node": {
"dir": true,
"nodes": [
{
"modifiedIndex": 13,
"value": {
"id": "1",
"create_time": 1632640526,
"update_time": 1632640526,
"type": "roundrobin",
"pass_host": "pass",
"nodes": {
"default.webserver:80": 100
},
"hash_on": "vars",
"scheme": "http"
},
"key": "/apisix/upstreams/1",
"createdIndex": 13
}
],
"key": "/apisix/upstreams"
},
"action": "get",
"count": 1
}
```
**5. set a stream route fully copied from [https://apisix.apache.org/docs/apisix/stream-proxy](url), returned the "400 Bad Request" massage:**
```
curl -sS http://10.96.107.57:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}'
```
```
HTTP/1.1 400 Bad Request
Server: openresty
Date: Sun, 26 Sep 2021 07:22:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 154
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 3600
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>openresty</center>
</body>
</html>
```
```
curl -sS http://10.96.107.57:9180/apisix/admin/stream_routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X GET | jq
```
```
{
"node": {
"dir": true,
"nodes": {},
"key": "/apisix/stream_routes"
},
"action": "get",
"count": 0
}
```
### Actual result
described above
### Error log
described above
### Expected result
Adding stream routes with api should behave the same as described at the official documents [https://apisix.apache.org/docs/apisix/stream-proxy](url)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927259959
```
helm get values -n apisix apisix
```
```
USER-SUPPLIED VALUES:
admin:
allow:
ipList:
- 0.0.0.0/0
apisix:
stream_proxy:
only: false
tcp:
- addr: 9100
tls: true
udp:
- addr: 9200
etcd:
persistence:
enabled: false
gateway:
stream:
enabled: true
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927818067
> What I mean is the ultimate apisix config.yaml, you can login to such container and cat it by `cat /usr/local/apisix/conf/config.yaml`.
@tokers I pasted
https://github.com/apache/apisix/issues/5138#issuecomment-927516412
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc edited a comment on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc edited a comment on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927516412
> @superwjc Could you paste the APISIX `config.yaml`?
@tokers I found the config.yaml in the 'apisix' pod, but the file was mounted read-only, so its content can't be changed, but how can i enable the 'stream_proxy' option? By changing the configmap of apisix?
**the content of '/usr/local/apisix/conf/config.yaml':**
```
kubectl -n apisix exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') -- cat /usr/local/apisix/conf/config.yaml
```
```
Defaulted container "apisix" out of: apisix, wait-etcd (init)
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apisix:
node_listen: 9080 # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
#proxy_protocol: # Proxy Protocol configuration
# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
# This port can only receive http request with proxy protocol, but node_listen & port_admin
# can only receive http request. If you enable proxy protocol, you must use this port to
# receive http request with proxy protocol
# listen_https_port: 9182 # The port with proxy protocol for https
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
zones: # The parameters of a cache
- name: disk_cache_one # The name of the cache, administrator can be specify
# which cache to use by name in the admin api
memory_size: 50m # The size of shared memory, it's used to store the cache index
disk_size: 1G # The size of disk, it's used to store the cache data
disk_path: "/tmp/disk_cache_one" # The path to store the cache data
cache_levels: "1:2" # The hierarchy levels of a cache
# - name: disk_cache_two
# memory_size: 50m
# disk_size: 1G
# disk_path: "/tmp/disk_cache_two"
# cache_levels: "1:2"
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0
# - "::/64"
port_admin: 9180
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
# admin: can everything for configuration data
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin
# viewer: only can view configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
router:
http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree)
# radixtree_host_uri: match route by host + uri(base on radixtree)
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
# dns_resolver:
#
# - 127.0.0.1
#
# - 172.20.0.10
#
# - 114.114.114.114
#
# - 223.5.5.5
#
# - 1.1.1.1
#
# - 8.8.8.8
#
dns_resolver_valid: 30
resolver_timeout: 5
ssl:
enable: false
enable_http2: true
listen_port: 9443
ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
nginx_config: # config for render the template to genarate nginx.conf
error_log: "/dev/stderr"
error_log_level: "warn" # warn,error
worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections
event:
worker_connections: 10620
http:
access_log: "/dev/stdout"
keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores in client request header fields
real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
#lua_shared_dicts: # add custom shared cache to nginx.conf
# ipc_shared_dict: 100m # custom shared cache, format: `cache-key: cache-size`
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://apisix-etcd.apisix.svc.cluster.local:2379"
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
plugins: # plugin list
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
stream_plugins:
- mqtt-proxy
```
**the mount mode of '/usr/local/apisix/conf/config.yaml':**
```
kubectl -n apisix exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') -- mount | grep apisix
```
```
Defaulted container "apisix" out of: apisix, wait-etcd (init)
/dev/sda3 on /usr/local/apisix/conf/config.yaml type xfs (ro,relatime,attr2,inode64,noquota)
```
**can't write to the 'conf/config.yaml':**
```
kubectl -n apisix exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') -- /bin/bash
Defaulted container "apisix" out of: apisix, wait-etcd (init)
bash-5.1#
bash-5.1# pwd
/usr/local/apisix
bash-5.1#
bash-5.1# echo '' >> /usr/local/apisix/conf/config.yaml
bash: /usr/local/apisix/conf/config.yaml: Read-only file system
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc edited a comment on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc edited a comment on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927285494
> @superwjc Could you paste the APISIX `config.yaml`?
@tokers thanks for reply, do you mean the apisix/values.yaml? I installed from the "tgz" file directly without decompressing, so this is not the problem, the yaml was always kept default.
```
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
global:
imagePullSecrets: []
apisix:
# Enable or disable Apache APISIX itself
# Set it to flase and ingress-controller.enabled=true will deploy only ingress-controller
enabled: true
image:
repository: apache/apisix
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 2.7-alpine
replicaCount: 1
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# If true, it will sets the anti-affinity of the Pod.
podAntiAffinity:
enabled: false
nameOverride: ""
fullnameOverride: ""
gateway:
type: NodePort
# If you want to keep the client source IP, you can set this to Local.
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster
# type: LoadBalancer
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
http:
enabled: true
servicePort: 80
containerPort: 9080
tls:
enabled: false
servicePort: 443
containerPort: 9443
http2:
enabled: true
stream: # L4 proxy (TCP/UDP)
enabled: false
only: false
tcp: []
udp: []
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: apisix.local
paths: []
tls: []
# - secretName: apisix-tls
# hosts:
# - chart-example.local
admin:
# Enable Admin API
enabled: true
# admin service type
type: ClusterIP
# loadBalancerIP: a.b.c.d
# loadBalancerSourceRanges:
# - "143.231.0.0/16"
externalIPs: []
#
port: 9180
servicePort: 9180
# Admin API support CORS response headers
cors: true
# Admin API credentials
credentials:
admin: edd1c9f034335f136f87ad84b625c8f1
viewer: 4054f7cf07e344346cd3f287985e76a2
allow:
# The ip range for allowing access to Apache APISIX
ipList:
- 127.0.0.1/24
# APISIX plugins to be enabled
plugins:
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
stream_plugins:
- mqtt-proxy
dns:
resolvers:
- 127.0.0.1
- 172.20.0.10
- 114.114.114.114
- 223.5.5.5
- 1.1.1.1
- 8.8.8.8
validity: 30
timeout: 5
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# etcd configuration
# use the FQDN address or the IP of the etcd
etcd:
# install etcd(v3) by default, set false if do not want to install etcd(v3) together
enabled: true
host:
- http://etcd.host:2379 # host or ip e.g. http://172.20.128.89:2379
prefix: "/apisix"
timeout: 30
# if etcd.enabled is true, set more values of bitnami/etcd helm chart
auth:
rbac:
# No authentication by default
enabled: false
service:
port: 2379
replicaCount: 3
dashboard:
enabled: false
ingress-controller:
enabled: false
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927516412
> @superwjc Could you paste the APISIX `config.yaml`?
@tokers I found the config.yaml in the 'apisix' pod, but the file was mounted read-only, so its content can't be changed, but how can i enable the 'stream_proxy' option?
**the content of '/usr/local/apisix/conf/config.yaml':**
```
kubectl -n apisix exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') -- cat /usr/local/apisix/conf/config.yaml
```
```
Defaulted container "apisix" out of: apisix, wait-etcd (init)
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apisix:
node_listen: 9080 # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
#proxy_protocol: # Proxy Protocol configuration
# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
# This port can only receive http request with proxy protocol, but node_listen & port_admin
# can only receive http request. If you enable proxy protocol, you must use this port to
# receive http request with proxy protocol
# listen_https_port: 9182 # The port with proxy protocol for https
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
zones: # The parameters of a cache
- name: disk_cache_one # The name of the cache, administrator can be specify
# which cache to use by name in the admin api
memory_size: 50m # The size of shared memory, it's used to store the cache index
disk_size: 1G # The size of disk, it's used to store the cache data
disk_path: "/tmp/disk_cache_one" # The path to store the cache data
cache_levels: "1:2" # The hierarchy levels of a cache
# - name: disk_cache_two
# memory_size: 50m
# disk_size: 1G
# disk_path: "/tmp/disk_cache_two"
# cache_levels: "1:2"
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0
# - "::/64"
port_admin: 9180
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
# admin: can everything for configuration data
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin
# viewer: only can view configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
router:
http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree)
# radixtree_host_uri: match route by host + uri(base on radixtree)
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
# dns_resolver:
#
# - 127.0.0.1
#
# - 172.20.0.10
#
# - 114.114.114.114
#
# - 223.5.5.5
#
# - 1.1.1.1
#
# - 8.8.8.8
#
dns_resolver_valid: 30
resolver_timeout: 5
ssl:
enable: false
enable_http2: true
listen_port: 9443
ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
nginx_config: # config for render the template to genarate nginx.conf
error_log: "/dev/stderr"
error_log_level: "warn" # warn,error
worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections
event:
worker_connections: 10620
http:
access_log: "/dev/stdout"
keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores in client request header fields
real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
#lua_shared_dicts: # add custom shared cache to nginx.conf
# ipc_shared_dict: 100m # custom shared cache, format: `cache-key: cache-size`
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://apisix-etcd.apisix.svc.cluster.local:2379"
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
plugins: # plugin list
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
stream_plugins:
- mqtt-proxy
```
**the mount mode of '/usr/local/apisix/conf/config.yaml':**
```
kubectl -n apisix exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') -- mount | grep apisix
```
```
Defaulted container "apisix" out of: apisix, wait-etcd (init)
/dev/sda3 on /usr/local/apisix/conf/config.yaml type xfs (ro,relatime,attr2,inode64,noquota)
```
**can't write to the 'conf/config.yaml':**
```
kubectl -n apisix exec -it $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') -- /bin/bash
Defaulted container "apisix" out of: apisix, wait-etcd (init)
bash-5.1#
bash-5.1# pwd
/usr/local/apisix
bash-5.1#
bash-5.1# echo '' >> /usr/local/apisix/conf/config.yaml
bash: /usr/local/apisix/conf/config.yaml: Read-only file system
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927261877
```
kubectl -n apisix logs $(kubectl -n apisix \
get pod -l "app.kubernetes.io/instance=apisix,app.kubernetes.io/name=apisix" | \
sed -n '1!p' | awk '{print $1}' | sed -n '1p') -f
```
```
2021/09/26 08:23:10 [warn] 43#43: *25526 [lua] init.lua:191: handler(): stream mode is disabled, can not to add any stream route, client: 10.244.196.0, server: , request: "PUT /apisix/admin/stream_routes/1 HTTP/1.1", host: "10.104.12.30:9180"
10.244.196.0 - - [26/Sep/2021:08:23:10 +0000] 10.104.12.30:9180 "PUT /apisix/admin/stream_routes/1 HTTP/1.1" 400 154 0.000 "-" "curl/7.29.0" - - - "http://10.104.12.30:9180"
```
I have no idea how to resolv it.
P.S. the error message "can not to add any stream route" has a grammatical error, should be changed to "can not add any stream route"
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-928532597
It seems that the stream proxy was not enabled. I noticed that the helm chart of APISIX you're using is `0.4.0`, would you like to try the `0.5.0` and see if the same problem occurs?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927615421
**How poor the documentation you made!**
from 'apisix/templates/configmap.yaml'
```
{{- if and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0)) }}
stream_proxy: # TCP/UDP proxy
only: {{ .Values.gateway.stream.only }}
{{- if gt (len .Values.gateway.stream.tcp) 0 }}
tcp: # TCP proxy port list
{{- range .Values.gateway.stream.tcp }}
- {{ . }}
{{- end }}
{{- end }}
{{- if gt (len .Values.gateway.stream.udp) 0 }}
udp: # UDP proxy port list
{{- range .Values.gateway.stream.udp }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927285494
> @superwjc Could you paste the APISIX `config.yaml`?
@tokers thanks for reply, do you mean the apisix/values.yaml? I installed from the "tgz" file directly without decompressing, so this not the problem, the yaml was always kept default.
```
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
global:
imagePullSecrets: []
apisix:
# Enable or disable Apache APISIX itself
# Set it to flase and ingress-controller.enabled=true will deploy only ingress-controller
enabled: true
image:
repository: apache/apisix
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 2.7-alpine
replicaCount: 1
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# If true, it will sets the anti-affinity of the Pod.
podAntiAffinity:
enabled: false
nameOverride: ""
fullnameOverride: ""
gateway:
type: NodePort
# If you want to keep the client source IP, you can set this to Local.
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster
# type: LoadBalancer
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
http:
enabled: true
servicePort: 80
containerPort: 9080
tls:
enabled: false
servicePort: 443
containerPort: 9443
http2:
enabled: true
stream: # L4 proxy (TCP/UDP)
enabled: false
only: false
tcp: []
udp: []
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: apisix.local
paths: []
tls: []
# - secretName: apisix-tls
# hosts:
# - chart-example.local
admin:
# Enable Admin API
enabled: true
# admin service type
type: ClusterIP
# loadBalancerIP: a.b.c.d
# loadBalancerSourceRanges:
# - "143.231.0.0/16"
externalIPs: []
#
port: 9180
servicePort: 9180
# Admin API support CORS response headers
cors: true
# Admin API credentials
credentials:
admin: edd1c9f034335f136f87ad84b625c8f1
viewer: 4054f7cf07e344346cd3f287985e76a2
allow:
# The ip range for allowing access to Apache APISIX
ipList:
- 127.0.0.1/24
# APISIX plugins to be enabled
plugins:
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
stream_plugins:
- mqtt-proxy
dns:
resolvers:
- 127.0.0.1
- 172.20.0.10
- 114.114.114.114
- 223.5.5.5
- 1.1.1.1
- 8.8.8.8
validity: 30
timeout: 5
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# etcd configuration
# use the FQDN address or the IP of the etcd
etcd:
# install etcd(v3) by default, set false if do not want to install etcd(v3) together
enabled: true
host:
- http://etcd.host:2379 # host or ip e.g. http://172.20.128.89:2379
prefix: "/apisix"
timeout: 30
# if etcd.enabled is true, set more values of bitnami/etcd helm chart
auth:
rbac:
# No authentication by default
enabled: false
service:
port: 2379
replicaCount: 3
dashboard:
enabled: false
ingress-controller:
enabled: false
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927283538
@superwjc Could you paste the APISIX `config.yaml`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927259854
I reinstalled apisix with "gateway.stream.enabled=true", but it didn't have any effect.
is there something wrong?
@tokers
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927783844
What I mean is the ultimate apisix config.yaml, you can login to such container and cat it by `cat /usr/local/apisix/conf/config.yaml`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-928532597
It seems that the stream proxy was not enabled. I noticed that the helm chart of APISIX you're using is `0.4.0`, would you like to try the `0.5.0` and see if the same problem occurs?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] superwjc commented on issue #5138: bug: set stream_routes with api returns "400 Bad Request"
Posted by GitBox <gi...@apache.org>.
superwjc commented on issue #5138:
URL: https://github.com/apache/apisix/issues/5138#issuecomment-927538039
I update the configmap for apisix, add the following options and then restart the deployment.
```
kubectl -n apisix get configmaps apisix -o yaml > apisix-configmap.yaml
```
```
apisix:
node_listen: 9080 # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
stream_proxy:
only: false
tcp:
- addr: 9100
tls: true
udp:
- addr: 9200
```
```
kubectl -n apisix apply -f apisix-configmap.yaml
```
The newly created pod stuck in 'CrashLoopBackOff' status, and the log showed:
```
failed to validate config: property "apisix" validation failed: property "stream_proxy" validation failed: property "udp" validation failed: failed to validate item 1: object matches none of the requireds
```
after removing the udp option, it worked, means that setting the stream_proxy.udp option in that way is invalid.
```
apisix:
node_listen: 9080 # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
stream_proxy:
only: false
tcp:
- addr: 9100
tls: true
```
```
curl -sS http://10.104.12.30:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}'
```
```
HTTP/1.1 201 Created
Server: openresty
Date: Mon, 27 Sep 2021 05:12:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 3600
{"action":"set","node":{"key":"\/apisix\/stream_routes\/1","value":{"remote_addr":"127.0.0.1","update_time":1632719554,"create_time":1632719554,"upstream":{"scheme":"http","pass_host":"pass","type":"roundrobin","hash_on":"vars","nodes":{"127.0.0.1:1995":1}},"id":"1"}}}
```
```
curl -sS http://10.104.12.30:9180/apisix/admin/stream_routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' | jq
```
```
{
"node": {
"key": "/apisix/stream_routes",
"dir": true,
"nodes": [
{
"modifiedIndex": 39,
"createdIndex": 39,
"key": "/apisix/stream_routes/1",
"value": {
"remote_addr": "127.0.0.1",
"update_time": 1632719554,
"create_time": 1632719554,
"upstream": {
"scheme": "http",
"pass_host": "pass",
"hash_on": "vars",
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
},
"id": "1"
}
}
]
},
"action": "get",
"count": 1
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org