You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by tz...@apache.org on 2022/10/09 09:01:09 UTC
[apisix-helm-chart] branch master updated: change: sync config of APISIX V3 version (#357)
This is an automated email from the ASF dual-hosted git repository.
tzssangglass pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 7ddeca5 change: sync config of APISIX V3 version (#357)
7ddeca5 is described below
commit 7ddeca5395a2de96acd06bada30f3ab3580a6252
Author: tzssangglass <tz...@gmail.com>
AuthorDate: Sun Oct 9 17:01:05 2022 +0800
change: sync config of APISIX V3 version (#357)
---
charts/apisix/templates/configmap.yaml | 752 ++++++++++++++++++++++-----------
1 file changed, 514 insertions(+), 238 deletions(-)
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 999b913..03eb3c0 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -28,276 +28,552 @@ data:
{{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 6 }}
{{- end }}
{{- else }}
- config.yaml: |-
- #
- # Licensed to the Apache Software Foundation (ASF) under one or more
- # contributor license agreements. See the NOTICE file distributed with
- # this work for additional information regarding copyright ownership.
- # The ASF licenses this file to You under the Apache License, Version 2.0
- # (the "License"); you may not use this file except in compliance with
- # the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- apisix:
- node_listen: {{ .Values.gateway.http.containerPort }} # APISIX listening port
- enable_heartbeat: true
- enable_admin: {{ .Values.admin.enabled }}
- enable_admin_cors: {{ .Values.admin.cors }}
- enable_debug: false
- {{- if or .Values.customPlugins.enabled .Values.apisix.luaModuleHook.enabled }}
- extra_lua_path: {{ .Values.customPlugins.luaPath }};{{ .Values.apisix.luaModuleHook.luaPath }}
- {{- end }}
-
- {{- if .Values.apisix.luaModuleHook.enabled }}
- lua_module_hook: {{ .Values.apisix.luaModuleHook.hookPoint | quote }}
- {{- end }}
+ {{- if semverCompare ">=2.99.0" .Values.apisix.image.tag }}
+ config.yaml: |-
+ #
+ # Licensed to the Apache Software Foundation (ASF) under one or more
+ # contributor license agreements. See the NOTICE file distributed with
+ # this work for additional information regarding copyright ownership.
+ # The ASF licenses this file to You under the Apache License, Version 2.0
+ # (the "License"); you may not use this file except in compliance with
+ # the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ apisix:
+ node_listen: {{ .Values.gateway.http.containerPort }} # APISIX listening port
+ enable_heartbeat: true
+ enable_admin: {{ .Values.admin.enabled }}
+ enable_admin_cors: {{ .Values.admin.cors }}
+ enable_debug: false
+ {{- if or .Values.customPlugins.enabled .Values.apisix.luaModuleHook.enabled }}
+ extra_lua_path: {{ .Values.customPlugins.luaPath }};{{ .Values.apisix.luaModuleHook.luaPath }}
+ {{- end }}
- enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
- enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
- enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver
- enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header
- config_center: etcd # etcd: use etcd to store the config value
- # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
+ {{- if .Values.apisix.luaModuleHook.enabled }}
+ lua_module_hook: {{ .Values.apisix.luaModuleHook.hookPoint | quote }}
+ {{- end }}
- #proxy_protocol: # Proxy Protocol configuration
- # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
- # This port can only receive http request with proxy protocol, but node_listen & port_admin
- # can only receive http request. If you enable proxy protocol, you must use this port to
- # receive http request with proxy protocol
- # listen_https_port: 9182 # The port with proxy protocol for https
- # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
- # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
+ enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
+ enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
+ enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver
+ enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header
- proxy_cache: # Proxy Caching configuration
- cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
- zones: # The parameters of a cache
- - name: disk_cache_one # The name of the cache, administrator can be specify
- # which cache to use by name in the admin api
- memory_size: 50m # The size of shared memory, it's used to store the cache index
- disk_size: 1G # The size of disk, it's used to store the cache data
- disk_path: "/tmp/disk_cache_one" # The path to store the cache data
- cache_levels: "1:2" # The hierarchy levels of a cache
- # - name: disk_cache_two
- # memory_size: 50m
- # disk_size: 1G
- # disk_path: "/tmp/disk_cache_two"
- # cache_levels: "1:2"
+ #proxy_protocol: # Proxy Protocol configuration
+ # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and admin_listen.
+ # This port can only receive http request with proxy protocol, but node_listen & admin_listen
+ # can only receive http request. If you enable proxy protocol, you must use this port to
+ # receive http request with proxy protocol
+ # listen_https_port: 9182 # The port with proxy protocol for https
+ # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
+ # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
- allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- {{- if .Values.admin.allow.ipList }}
- {{- range $ips := .Values.admin.allow.ipList }}
- - {{ $ips }}
- {{- end }}
- {{- else }}
- - 0.0.0.0/0
- {{- end}}
- {{- if or (index .Values "ingress-controller" "enabled") .Values.dashboard.enabled }}
- - 0.0.0.0/0
- {{- end}}
- # - "::/64"
- {{- if .Values.admin.enabled }}
- port_admin: {{ .Values.admin.port }}
- {{- end }}
+ proxy_cache: # Proxy Caching configuration
+ cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
+ zones: # The parameters of a cache
+ - name: disk_cache_one # The name of the cache, administrator can be specify
+ # which cache to use by name in the admin api
+ memory_size: 50m # The size of shared memory, it's used to store the cache index
+ disk_size: 1G # The size of disk, it's used to store the cache data
+ disk_path: "/tmp/disk_cache_one" # The path to store the cache data
+ cache_levels: "1:2" # The hierarchy levels of a cache
+ # - name: disk_cache_two
+ # memory_size: 50m
+ # disk_size: 1G
+ # disk_path: "/tmp/disk_cache_two"
+ # cache_levels: "1:2"
- # Default token when use API to call for Admin API.
- # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
- # Disabling this configuration item means that the Admin API does not
- # require any authentication.
- admin_key:
- # admin: can everything for configuration data
- - name: "admin"
- key: {{ .Values.admin.credentials.admin }}
- role: admin
- # viewer: only can view configuration data
- - name: "viewer"
- key: {{ .Values.admin.credentials.viewer }}
- role: viewer
- router:
- http: {{ .Values.apisix.httpRouter }} # radixtree_uri: match route by uri(base on radixtree)
- # radixtree_host_uri: match route by host + uri(base on radixtree)
- # radixtree_uri_with_parameter: match route by uri with parameters
- ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
- {{- if or (index .Values "ingress-controller" "enabled") (and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0))) }}
- stream_proxy: # TCP/UDP proxy
- only: {{ .Values.gateway.stream.only }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.tcp) 0) }}
- tcp: # TCP proxy port list
- {{- if gt (len .Values.gateway.stream.tcp) 0}}
- {{- range .Values.gateway.stream.tcp }}
- - {{ . }}
+ router:
+ http: {{ .Values.apisix.httpRouter }} # radixtree_uri: match route by uri(base on radixtree)
+ # radixtree_host_uri: match route by host + uri(base on radixtree)
+ # radixtree_uri_with_parameter: match route by uri with parameters
+ ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
+ {{- if or (index .Values "ingress-controller" "enabled") (and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0))) }}
+ stream_proxy: # TCP/UDP proxy
+ only: {{ .Values.gateway.stream.only }}
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.tcp) 0) }}
+ tcp: # TCP proxy port list
+ {{- if gt (len .Values.gateway.stream.tcp) 0}}
+ {{- range .Values.gateway.stream.tcp }}
+ - {{ . }}
+ {{- end }}
+ {{- else}}
+ - 9100
+ {{- end }}
{{- end }}
- {{- else}}
- - 9100
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.udp) 0) }}
+ udp: # UDP proxy port list
+ {{- if gt (len .Values.gateway.stream.udp) 0}}
+ {{- range .Values.gateway.stream.udp }}
+ - {{ . }}
+ {{- end }}
+ {{- else}}
+ - 9200
+ {{- end }}
{{- end }}
{{- end }}
- {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.udp) 0) }}
- udp: # UDP proxy port list
- {{- if gt (len .Values.gateway.stream.udp) 0}}
- {{- range .Values.gateway.stream.udp }}
- - {{ . }}
+ # dns_resolver:
+ # {{- range $resolver := .Values.dns.resolvers }}
+ # - {{ $resolver }}
+ # {{- end }}
+ dns_resolver_valid: {{.Values.dns.validity}}
+ resolver_timeout: {{.Values.dns.timeout}}
+ ssl:
+ enable: {{ .Values.gateway.tls.enabled }}
+ listen:
+ - port: {{ .Values.gateway.tls.containerPort }}
+ enable_http2: {{ .Values.gateway.tls.http2.enabled }}
+ ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
+ ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RS [...]
+ {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
+ ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
{{- end }}
- {{- else}}
- - 9200
+
+ nginx_config: # config for render the template to genarate nginx.conf
+ error_log: "{{ .Values.logs.errorLog }}"
+ error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
+ worker_processes: "{{ .Values.nginx.workerProcesses }}"
+ enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
+ worker_rlimit_nofile: {{ default "20480" .Values.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
+ event:
+ worker_connections: {{ default "10620" .Values.nginx.workerConnections }}
+ {{- with .Values.nginx.envs }}
+ envs:
+ {{- range $env := . }}
+ - {{ $env }}
+ {{- end }}
+ {{- end }}
+ http:
+ enable_access_log: {{ .Values.logs.enableAccessLog }}
+ {{- if .Values.logs.enableAccessLog }}
+ access_log: "{{ .Values.logs.accessLog }}"
+ access_log_format: "{{ .Values.logs.accessLogFormat }}"
+ access_log_format_escape: {{ .Values.logs.accessLogFormatEscape }}
{{- end }}
+ keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
+ client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
+ client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
+ send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
+ underscores_in_headers: "on" # default enables the use of underscores in client request header fields
+ real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
+ real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
+ - 127.0.0.1
+ - 'unix:'
+ {{- if .Values.apisix.customLuaSharedDicts }}
+ custom_lua_shared_dict: # add custom shared cache to nginx.conf
+ {{- range $dict := .Values.apisix.customLuaSharedDicts }}
+ {{ $dict.name }}: {{ $dict.size }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.main }}
+ main_configuration_snippet: {{- toYaml .Values.configurationSnippet.main | indent 6 }}
{{- end }}
- {{- end }}
- # dns_resolver:
- # {{- range $resolver := .Values.dns.resolvers }}
- # - {{ $resolver }}
- # {{- end }}
- dns_resolver_valid: {{.Values.dns.validity}}
- resolver_timeout: {{.Values.dns.timeout}}
- ssl:
- enable: {{ .Values.gateway.tls.enabled }}
- enable_http2: {{ .Values.gateway.tls.http2.enabled }}
- listen_port: {{ .Values.gateway.tls.containerPort }}
- ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
- ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA- [...]
- {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
+ {{- if .Values.configurationSnippet.httpStart }}
+ http_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpStart | indent 6 }}
{{- end }}
-
- nginx_config: # config for render the template to genarate nginx.conf
- error_log: "{{ .Values.logs.errorLog }}"
- error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
- worker_processes: "{{ .Values.nginx.workerProcesses }}"
- enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
- worker_rlimit_nofile: {{ default "20480" .Values.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
- event:
- worker_connections: {{ default "10620" .Values.nginx.workerConnections }}
- {{- with .Values.nginx.envs }}
- envs:
- {{- range $env := . }}
- - {{ $env }}
- {{- end }}
- {{- end }}
- http:
- enable_access_log: {{ .Values.logs.enableAccessLog }}
- {{- if .Values.logs.enableAccessLog }}
- access_log: "{{ .Values.logs.accessLog }}"
- access_log_format: "{{ .Values.logs.accessLogFormat }}"
- access_log_format_escape: {{ .Values.logs.accessLogFormatEscape }}
+ {{- if .Values.configurationSnippet.httpEnd }}
+ http_end_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpEnd | indent 6 }}
{{- end }}
- keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
- client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
- client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
- send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
- underscores_in_headers: "on" # default enables the use of underscores in client request header fields
- real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
- real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- - 127.0.0.1
- - 'unix:'
- {{- if .Values.apisix.customLuaSharedDicts }}
- custom_lua_shared_dict: # add custom shared cache to nginx.conf
- {{- range $dict := .Values.apisix.customLuaSharedDicts }}
- {{ $dict.name }}: {{ $dict.size }}
+ {{- if .Values.configurationSnippet.httpSrv }}
+ http_server_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpSrv | indent 6 }}
{{- end }}
+ {{- if .Values.configurationSnippet.httpAdmin }}
+ http_admin_configuration_snippet: {{ toYaml .Values.configurationSnippet.httpAdmin | indent 6 }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.stream }}
+ stream_configuration_snippet: {{- toYaml .Values.configurationSnippet.stream | indent 6 }}
+ {{- end }}
+
+ {{- if .Values.discovery.enabled }}
+ discovery:
+ {{- range $key, $value := .Values.discovery.registry }}
+ {{ $key }}:
+ {{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 8 }}
{{- end }}
- {{- if .Values.configurationSnippet.main }}
- main_configuration_snippet: {{- toYaml .Values.configurationSnippet.main | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.httpStart }}
- http_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpStart | indent 6 }}
+
+ {{- if .Values.vault.enabled }}
+ vault:
+ host: {{ .Values.vault.host }}
+ timeout: {{ .Values.vault.timeout }}
+ token: {{ .Values.vault.token }}
+ prefix: {{ .Values.vault.prefix }}
{{- end }}
- {{- if .Values.configurationSnippet.httpEnd }}
- http_end_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpEnd | indent 6 }}
+
+ {{- if .Values.plugins }}
+ plugins: # plugin list
+ {{- range $plugin := .Values.plugins }}
+ - {{ $plugin }}
{{- end }}
- {{- if .Values.configurationSnippet.httpSrv }}
- http_server_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpSrv | indent 6 }}
+ {{- if .Values.customPlugins.enabled }}
+ {{- range $plugin := .Values.customPlugins.plugins }}
+ - {{ $plugin.name }}
{{- end }}
- {{- if .Values.configurationSnippet.httpAdmin }}
- http_admin_configuration_snippet: {{ toYaml .Values.configurationSnippet.httpAdmin | indent 6 }}
{{- end }}
- {{- if .Values.configurationSnippet.stream }}
- stream_configuration_snippet: {{- toYaml .Values.configurationSnippet.stream | indent 6 }}
+ {{- end }}
+ stream_plugins:
+ {{- range $plugin := .Values.stream_plugins }}
+ - {{ $plugin }}
+ {{- end }}
+
+ {{- if .Values.extPlugin.enabled }}
+ ext-plugin:
+ cmd:
+ {{- range $arg := .Values.extPlugin.cmd }}
+ - {{ $arg }}
+ {{- end }}
{{- end }}
- etcd:
- {{- if .Values.etcd.enabled }}
- host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- {{- if .Values.etcd.fullnameOverride }}
- - "http://{{ .Values.etcd.fullnameOverride }}:{{ .Values.etcd.service.port }}"
+ {{- if or .Values.pluginAttrs .Values.customPlugins.enabled .Values.serviceMonitor.enabled}}
+ {{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
+ {{- if gt (len $pluginAttrs) 0 }}
+ plugin_attr: {{- $pluginAttrs | nindent 6 }}
+ {{- if .Values.wasmPlugins.enabled }}
+ wasm:
+ plugins:
+ {{- toYaml .Values.wasmPlugins.plugins | nindent 8 }}
+ {{- end }}
+ deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
+ {{- if .Values.admin.allow.ipList }}
+ {{- range $ips := .Values.admin.allow.ipList }}
+ - {{ $ips }}
+ {{- end }}
+ {{- else }}
+ - 0.0.0.0/0
+ {{- end}}
+ {{- if or (index .Values "ingress-controller" "enabled") .Values.dashboard.enabled }}
+ - 0.0.0.0/0
+ {{- end}}
+ # - "::/64"
+ {{- if .Values.admin.enabled }}
+ admin_listen:
+ ip: 0.0.0.0
+ port: {{ .Values.admin.port }}
+ {{- end }}
+ # Default token when use API to call for Admin API.
+ # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
+ # Disabling this configuration item means that the Admin API does not
+ # require any authentication.
+ admin_key:
+ # admin: can everything for configuration data
+ - name: "admin"
+ key: {{ .Values.admin.credentials.admin }}
+ role: admin
+ # viewer: only can view configuration data
+ - name: "viewer"
+ key: {{ .Values.admin.credentials.viewer }}
+ role: viewer
+ etcd:
+ {{- if .Values.etcd.enabled }}
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ {{- if .Values.etcd.fullnameOverride }}
+ - "http://{{ .Values.etcd.fullnameOverride }}:{{ .Values.etcd.service.port }}"
+ {{- else }}
+ - "http://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }}:{{ .Values.etcd.service.port }}"
+ {{- end}}
{{- else }}
- - "http://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }}:{{ .Values.etcd.service.port }}"
- {{- end}}
- {{- else }}
- host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- {{- range $value := .Values.etcd.host }}
- - "{{ $value }}" # multiple etcd address
- {{- end}}
- {{- end }}
- prefix: {{ .Values.etcd.prefix | quote }} # apisix configurations prefix
- timeout: {{ .Values.etcd.timeout }} # 30 seconds
- {{- if .Values.etcd.auth.rbac.create }}
- user: {{ .Values.etcd.auth.rbac.user | quote }}
- password: {{ .Values.etcd.auth.rbac.password | quote }}
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ {{- range $value := .Values.etcd.host }}
+ - "{{ $value }}" # multiple etcd address
+ {{- end}}
+ {{- end }}
+ prefix: {{ .Values.etcd.prefix | quote }} # configuration prefix in etcd
+ timeout: {{ .Values.etcd.timeout }} # 30 seconds
+ {{- if .Values.etcd.auth.rbac.create }}
+ user: {{ .Values.etcd.auth.rbac.user | quote }}
+ password: {{ .Values.etcd.auth.rbac.password | quote }}
+ {{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ tls:
+ cert: "/etcd-ssl/{{ .Values.etcd.auth.tls.certFilename }}"
+ key: "/etcd-ssl/{{ .Values.etcd.auth.tls.certKeyFilename }}"
+ verify: {{ .Values.etcd.auth.tls.verify }}
+ sni: "{{ .Values.etcd.auth.tls.sni }}"
+ {{- end }}
{{- end }}
- {{- if .Values.etcd.auth.tls.enabled }}
- tls:
- cert: "/etcd-ssl/{{ .Values.etcd.auth.tls.certFilename }}"
- key: "/etcd-ssl/{{ .Values.etcd.auth.tls.certKeyFilename }}"
- verify: {{ .Values.etcd.auth.tls.verify }}
- sni: "{{ .Values.etcd.auth.tls.sni }}"
{{- end }}
+ {{- else }}
+ config.yaml: |-
+ #
+ # Licensed to the Apache Software Foundation (ASF) under one or more
+ # contributor license agreements. See the NOTICE file distributed with
+ # this work for additional information regarding copyright ownership.
+ # The ASF licenses this file to You under the Apache License, Version 2.0
+ # (the "License"); you may not use this file except in compliance with
+ # the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ apisix:
+ node_listen: {{ .Values.gateway.http.containerPort }} # APISIX listening port
+ enable_heartbeat: true
+ enable_admin: {{ .Values.admin.enabled }}
+ enable_admin_cors: {{ .Values.admin.cors }}
+ enable_debug: false
+ {{- if or .Values.customPlugins.enabled .Values.apisix.luaModuleHook.enabled }}
+ extra_lua_path: {{ .Values.customPlugins.luaPath }};{{ .Values.apisix.luaModuleHook.luaPath }}
+ {{- end }}
+
+ {{- if .Values.apisix.luaModuleHook.enabled }}
+ lua_module_hook: {{ .Values.apisix.luaModuleHook.hookPoint | quote }}
+ {{- end }}
+
+ enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
+ enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
+ enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver
+ enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header
+ config_center: etcd # etcd: use etcd to store the config value
+ # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
+
+ #proxy_protocol: # Proxy Protocol configuration
+ # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
+ # This port can only receive http request with proxy protocol, but node_listen & port_admin
+ # can only receive http request. If you enable proxy protocol, you must use this port to
+ # receive http request with proxy protocol
+ # listen_https_port: 9182 # The port with proxy protocol for https
+ # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
+ # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
+
+ proxy_cache: # Proxy Caching configuration
+ cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
+ zones: # The parameters of a cache
+ - name: disk_cache_one # The name of the cache, administrator can be specify
+ # which cache to use by name in the admin api
+ memory_size: 50m # The size of shared memory, it's used to store the cache index
+ disk_size: 1G # The size of disk, it's used to store the cache data
+ disk_path: "/tmp/disk_cache_one" # The path to store the cache data
+ cache_levels: "1:2" # The hierarchy levels of a cache
+ # - name: disk_cache_two
+ # memory_size: 50m
+ # disk_size: 1G
+ # disk_path: "/tmp/disk_cache_two"
+ # cache_levels: "1:2"
+
+ allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
+ {{- if .Values.admin.allow.ipList }}
+ {{- range $ips := .Values.admin.allow.ipList }}
+ - {{ $ips }}
+ {{- end }}
+ {{- else }}
+ - 0.0.0.0/0
+ {{- end}}
+ {{- if or (index .Values "ingress-controller" "enabled") .Values.dashboard.enabled }}
+ - 0.0.0.0/0
+ {{- end}}
+ # - "::/64"
+ {{- if .Values.admin.enabled }}
+ port_admin: {{ .Values.admin.port }}
+ {{- end }}
+
+ # Default token when use API to call for Admin API.
+ # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
+ # Disabling this configuration item means that the Admin API does not
+ # require any authentication.
+ admin_key:
+ # admin: can everything for configuration data
+ - name: "admin"
+ key: {{ .Values.admin.credentials.admin }}
+ role: admin
+ # viewer: only can view configuration data
+ - name: "viewer"
+ key: {{ .Values.admin.credentials.viewer }}
+ role: viewer
+ router:
+ http: {{ .Values.apisix.httpRouter }} # radixtree_uri: match route by uri(base on radixtree)
+ # radixtree_host_uri: match route by host + uri(base on radixtree)
+ # radixtree_uri_with_parameter: match route by uri with parameters
+ ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
+ {{- if or (index .Values "ingress-controller" "enabled") (and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0))) }}
+ stream_proxy: # TCP/UDP proxy
+ only: {{ .Values.gateway.stream.only }}
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.tcp) 0) }}
+ tcp: # TCP proxy port list
+ {{- if gt (len .Values.gateway.stream.tcp) 0}}
+ {{- range .Values.gateway.stream.tcp }}
+ - {{ . }}
+ {{- end }}
+ {{- else}}
+ - 9100
+ {{- end }}
+ {{- end }}
+ {{- if or (index .Values "ingress-controller" "enabled") (gt (len .Values.gateway.stream.udp) 0) }}
+ udp: # UDP proxy port list
+ {{- if gt (len .Values.gateway.stream.udp) 0}}
+ {{- range .Values.gateway.stream.udp }}
+ - {{ . }}
+ {{- end }}
+ {{- else}}
+ - 9200
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ # dns_resolver:
+ # {{- range $resolver := .Values.dns.resolvers }}
+ # - {{ $resolver }}
+ # {{- end }}
+ dns_resolver_valid: {{.Values.dns.validity}}
+ resolver_timeout: {{.Values.dns.timeout}}
+ ssl:
+ enable: {{ .Values.gateway.tls.enabled }}
+ enable_http2: {{ .Values.gateway.tls.http2.enabled }}
+ listen_port: {{ .Values.gateway.tls.containerPort }}
+ ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
+ ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RS [...]
+ {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
+ ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
+ {{- end }}
- {{- if .Values.discovery.enabled }}
- discovery:
- {{- range $key, $value := .Values.discovery.registry }}
- {{ $key }}:
- {{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 8 }}
+ nginx_config: # config for render the template to genarate nginx.conf
+ error_log: "{{ .Values.logs.errorLog }}"
+ error_log_level: "{{ .Values.logs.errorLogLevel }}" # warn,error
+ worker_processes: "{{ .Values.nginx.workerProcesses }}"
+ enable_cpu_affinity: {{ and true .Values.nginx.enableCPUAffinity }}
+ worker_rlimit_nofile: {{ default "20480" .Values.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
+ event:
+ worker_connections: {{ default "10620" .Values.nginx.workerConnections }}
+ {{- with .Values.nginx.envs }}
+ envs:
+ {{- range $env := . }}
+ - {{ $env }}
+ {{- end }}
+ {{- end }}
+ http:
+ enable_access_log: {{ .Values.logs.enableAccessLog }}
+ {{- if .Values.logs.enableAccessLog }}
+ access_log: "{{ .Values.logs.accessLog }}"
+ access_log_format: "{{ .Values.logs.accessLogFormat }}"
+ access_log_format_escape: {{ .Values.logs.accessLogFormatEscape }}
+ {{- end }}
+ keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
+ client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
+ client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
+ send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
+ underscores_in_headers: "on" # default enables the use of underscores in client request header fields
+ real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
+ real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
+ - 127.0.0.1
+ - 'unix:'
+ {{- if .Values.apisix.customLuaSharedDicts }}
+ custom_lua_shared_dict: # add custom shared cache to nginx.conf
+ {{- range $dict := .Values.apisix.customLuaSharedDicts }}
+ {{ $dict.name }}: {{ $dict.size }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.main }}
+ main_configuration_snippet: {{- toYaml .Values.configurationSnippet.main | indent 6 }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.httpStart }}
+ http_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpStart | indent 6 }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.httpEnd }}
+ http_end_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpEnd | indent 6 }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.httpSrv }}
+ http_server_configuration_snippet: {{- toYaml .Values.configurationSnippet.httpSrv | indent 6 }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.httpAdmin }}
+ http_admin_configuration_snippet: {{ toYaml .Values.configurationSnippet.httpAdmin | indent 6 }}
+ {{- end }}
+ {{- if .Values.configurationSnippet.stream }}
+ stream_configuration_snippet: {{- toYaml .Values.configurationSnippet.stream | indent 6 }}
+ {{- end }}
+
+ etcd:
+ {{- if .Values.etcd.enabled }}
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ {{- if .Values.etcd.fullnameOverride }}
+ - "http://{{ .Values.etcd.fullnameOverride }}:{{ .Values.etcd.service.port }}"
+ {{- else }}
+ - "http://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }}:{{ .Values.etcd.service.port }}"
+ {{- end}}
+ {{- else }}
+ host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
+ {{- range $value := .Values.etcd.host }}
+ - "{{ $value }}" # multiple etcd address
+ {{- end}}
{{- end }}
- {{- end }}
+ prefix: {{ .Values.etcd.prefix | quote }} # apisix configurations prefix
+ timeout: {{ .Values.etcd.timeout }} # 30 seconds
+ {{- if .Values.etcd.auth.rbac.create }}
+ user: {{ .Values.etcd.auth.rbac.user | quote }}
+ password: {{ .Values.etcd.auth.rbac.password | quote }}
+ {{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ tls:
+ cert: "/etcd-ssl/{{ .Values.etcd.auth.tls.certFilename }}"
+ key: "/etcd-ssl/{{ .Values.etcd.auth.tls.certKeyFilename }}"
+ verify: {{ .Values.etcd.auth.tls.verify }}
+ sni: "{{ .Values.etcd.auth.tls.sni }}"
+ {{- end }}
- {{- if .Values.vault.enabled }}
- vault:
- host: {{ .Values.vault.host }}
- timeout: {{ .Values.vault.timeout }}
- token: {{ .Values.vault.token }}
- prefix: {{ .Values.vault.prefix }}
- {{- end }}
+ {{- if .Values.discovery.enabled }}
+ discovery:
+ {{- range $key, $value := .Values.discovery.registry }}
+ {{ $key }}:
+ {{- include "apisix.tplvalues.render" (dict "value" $value "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
- {{- if .Values.plugins }}
- plugins: # plugin list
- {{- range $plugin := .Values.plugins }}
- - {{ $plugin }}
- {{- end }}
- {{- if .Values.customPlugins.enabled }}
- {{- range $plugin := .Values.customPlugins.plugins }}
- - {{ $plugin.name }}
- {{- end }}
- {{- end }}
- {{- end }}
- stream_plugins:
- {{- range $plugin := .Values.stream_plugins }}
- - {{ $plugin }}
- {{- end }}
+ {{- if .Values.vault.enabled }}
+ vault:
+ host: {{ .Values.vault.host }}
+ timeout: {{ .Values.vault.timeout }}
+ token: {{ .Values.vault.token }}
+ prefix: {{ .Values.vault.prefix }}
+ {{- end }}
- {{- if .Values.extPlugin.enabled }}
- ext-plugin:
- cmd:
- {{- range $arg := .Values.extPlugin.cmd }}
- - {{ $arg }}
+ {{- if .Values.plugins }}
+ plugins: # plugin list
+ {{- range $plugin := .Values.plugins }}
+ - {{ $plugin }}
+ {{- end }}
+ {{- if .Values.customPlugins.enabled }}
+ {{- range $plugin := .Values.customPlugins.plugins }}
+ - {{ $plugin.name }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ stream_plugins:
+ {{- range $plugin := .Values.stream_plugins }}
+ - {{ $plugin }}
{{- end }}
- {{- end }}
- {{- if or .Values.pluginAttrs .Values.customPlugins.enabled .Values.serviceMonitor.enabled}}
- {{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
- {{- if gt (len $pluginAttrs) 0 }}
- plugin_attr: {{- $pluginAttrs | nindent 6 }}
- {{- end }}
- {{- end }}
+ {{- if .Values.extPlugin.enabled }}
+ ext-plugin:
+ cmd:
+ {{- range $arg := .Values.extPlugin.cmd }}
+ - {{ $arg }}
+ {{- end }}
+ {{- end }}
- {{- if .Values.wasmPlugins.enabled }}
- wasm:
- plugins:
- {{- toYaml .Values.wasmPlugins.plugins | nindent 8 }}
- {{- end }}
+ {{- if or .Values.pluginAttrs .Values.customPlugins.enabled .Values.serviceMonitor.enabled}}
+ {{- $pluginAttrs := include "apisix.pluginAttrs" . -}}
+ {{- if gt (len $pluginAttrs) 0 }}
+ plugin_attr: {{- $pluginAttrs | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.wasmPlugins.enabled }}
+ wasm:
+ plugins:
+ {{- toYaml .Values.wasmPlugins.plugins | nindent 8 }}
+ {{- end }}
+ {{- end }}
{{- end }}
{{- end }}