add(apisix): non-ingress
parent
482cedb64b
commit
6185d6ba50
3 changed files with 473 additions and 85 deletions
|
@ -55,13 +55,20 @@ apps:
|
|||
targetRevision: 10.19.5
|
||||
syncWave: '0'
|
||||
|
||||
- name: apisix
|
||||
- name: apisix-ingress
|
||||
namespace: ingress-apisix
|
||||
repoURL: https://charts.apiseven.com
|
||||
chart: apisix-ingress-controller
|
||||
targetRevision: 0.9.2
|
||||
syncWave: '0'
|
||||
|
||||
- name: apisix
|
||||
namespace: ingress-apisix
|
||||
repoURL: https://charts.apiseven.com
|
||||
chart: apisix
|
||||
targetRevision: 0.9.2
|
||||
syncWave: '0'
|
||||
|
||||
- name: cilium
|
||||
existingNamespace: kube-system
|
||||
repoURL: https://helm.cilium.io
|
||||
|
|
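Review bot: The new `apisix` entry deploys the `apisix` chart into `ingress-apisix` alongside the `apisix-ingress` app, and the apisix values on this page appear to set `ingress-controller.enabled: true`, so two ingress controllers would end up pushing configuration to the same Admin API. If the standalone `apisix-ingress` app is the intended controller, set `ingress-controller:` / `enabled: false` in the apisix values, or drop the standalone app and keep the bundled one. The file header for this section is missing from the page and the `apps:` list continues outside the hunk, so this is inferred from the visible entries only.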
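--- a/projects/core/values/apisix-ingress.yaml
+++ b/projects/core/values/apisix-ingress.yaml
@@ -0,0 +1,98 @@
+image:
+repository: apache/apisix-ingress-controller
+pullPolicy: IfNotPresent
+tag: "1.4.1"
+
+service:
+annotations:
+metallb.universe.tf/address-pool: internal
+port: 80
+
+config:
+logLevel: "info"
+logOutput: "stderr"
+# the TLS certificate file path.
+certFile: "/etc/webhook/certs/cert.pem"
+# the TLS key file path.
+keyFile: "/etc/webhook/certs/key.pem"
+# the HTTP Server listen address, default is ":8080"
+httpListen: ":8080"
+# the HTTPS Server listen address, default is ":8443"
+httpsListen: ":8443"
+# the controller will use the Endpoint of this Service to
+# update the status information of the Ingress resource.
+# The format is "namespace/svc-name" to solve the situation that
+# the data plane and the controller are not deployed in the same namespace.
+ingressPublishService: ""
+ingressStatusAddress: []
+# enable profiling via web interfaces host:port/debug/pprof, default is true.
+enableProfiling: true
+# Kubernetes related configurations.
+kubernetes:
+# the Kubernetes configuration file path, default is "", so the in-cluster
+# configuration will be used.
+kubeconfig: ""
+# how long should apisix-ingress-controller re-synchronizes with Kubernetes,
+# default is 6h,
+resyncInterval: "6h"
+# namespace list that controller will watch for resources,
+# by default all namespaces (represented by "*") are watched.
+appNamespaces: ["*"]
+# namespace_selector represent basis for selecting managed namespaces.
+# the field is support since version 1.4.0
+# For example, "apisix.ingress=watching", so ingress will watching the namespaces which labels "apisix.ingress=watching"
+namespaceSelector: [""]
+# the election id for the controller leader campaign,
+# only the leader will watch and delivery resource changes,
+# other instances (as candidates) stand by.
+electionId: "ingress-apisix-leader"
+# The class of an Ingress object is set using the field IngressClassName in
+# Kubernetes clusters version v1.18.0 or higher or the annotation
+# "kubernetes.io/ingress.class" (deprecated).
+ingressClass: "apisix"
+# the supported ingress api group version, can be "networking/v1beta1",
+# "networking/v1" (for Kubernetes version v1.19.0 or higher), and
+# "extensions/v1beta1", default is "networking/v1".
+ingressVersion: "networking/v1"
+# whether to watch EndpointSlices rather than Endpoints.
+watchEndpointSlices: false
+# the supported apisixroute api group version, can be "apisix.apache.org/v2beta1"
+# "apisix.apache.org/v2beta2" or "apisix.apache.org/v2beta3"
+apisixRouteVersion: "apisix.apache.org/v2beta3"
+# whether to enable support for Gateway API.
+# Note: This feature is currently under development and may not work as expected.
+# It is not recommended to use it in a production environment.
+# Before we announce support for it to reach Beta level or GA.
+enableGatewayAPI: false
+# APISIX related configurations.
+apisix:
+serviceName: apisix-admin
+serviceNamespace: ingress-apisix
+servicePort: 9180
+adminKey: "edd1c9f034335f136f87ad84b625c8f1"
+clusterName: "default"
+
+initContainer:
+image: busybox
+tag: 1.28
+
+serviceMonitor:
+enabled: true
+namespace: "grafana"
+interval: 15s
+# @param serviceMonitor.labels ServiceMonitor extra labels
+labels: {}
+# @param serviceMonitor.annotations ServiceMonitor annotations
+annotations: {}
+
+
+podSecurityContext:
+fsGroup: 2000
+
+securityContext:
+capabilities:
+drop:
+- ALL
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+runAsUser: 1000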
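Review bot: `config.apisix.adminKey` is committed in plaintext, and its value is the key APISIX documents as its shipped default, so anyone who can reach `apisix-admin` on port 9180 can rewrite routes with it. Generate a unique key, deliver it from a Secret or an encrypted values file instead of this file, and treat the committed value as already disclosed. `enableProfiling: true` also leaves `/debug/pprof` reachable on the controller's HTTP listener; `enableProfiling: false` is the safer setting unless profiling is actively in use. As a style point, `tag: 1.28` under `initContainer` is unquoted and parses as a float; `tag: "1.28"` keeps it a string.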
|
@ -1,98 +1,381 @@
|
|||
image:
|
||||
repository: apache/apisix-ingress-controller
|
||||
pullPolicy: IfNotPresent
|
||||
tag: "1.4.1"
|
||||
apisix:
|
||||
# Enable or disable Apache APISIX itself
|
||||
# Set it to false and ingress-controller.enabled=true will deploy only ingress-controller
|
||||
enabled: true
|
||||
|
||||
service:
|
||||
# Enable nginx IPv6 resolver
|
||||
enableIPv6: true
|
||||
|
||||
# Use Pod metadata.uid as the APISIX id.
|
||||
setIDFromPodUID: false
|
||||
|
||||
customLuaSharedDicts: []
|
||||
# - name: foo
|
||||
# size: 10k
|
||||
# - name: bar
|
||||
# size: 1m
|
||||
luaModuleHook:
|
||||
enabled: false
|
||||
# extend lua_package_path to load third party code
|
||||
luaPath: ""
|
||||
# the hook module which will be used to inject third party code into APISIX
|
||||
# use the lua require style like: "module.say_hello"
|
||||
hookPoint: ""
|
||||
# configmap that stores the codes
|
||||
configMapRef:
|
||||
name: ""
|
||||
# mounts decides how to mount the codes to the container.
|
||||
mounts:
|
||||
- key: ""
|
||||
path: ""
|
||||
|
||||
enableCustomizedConfig: false
|
||||
customizedConfig: {}
|
||||
|
||||
image:
|
||||
repository: apache/apisix
|
||||
pullPolicy: IfNotPresent
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: 2.13.1-alpine
|
||||
|
||||
# Use a `DaemonSet` or `Deployment`
|
||||
kind: Deployment
|
||||
# kind is DaemonSet,replicaCount not become effective
|
||||
replicaCount: 1
|
||||
|
||||
podAnnotations: {}
|
||||
podSecurityContext: {}
|
||||
# fsGroup: 2000
|
||||
securityContext: {}
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
# See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more details
|
||||
podDisruptionBudget:
|
||||
enabled: false
|
||||
minAvailable: 90%
|
||||
maxUnavailable: 1
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# If true, it will sets the anti-affinity of the Pod.
|
||||
podAntiAffinity:
|
||||
enabled: false
|
||||
|
||||
# timezone is the timezone where apisix uses.
|
||||
# For example: "UTC" or "Asia/Shanghai"
|
||||
# This value will be set on apisix container's environment variable TZ.
|
||||
# You may need to set the timezone to be consistent with your local time zone,
|
||||
# otherwise the apisix's logs may used to retrieve event maybe in wrong timezone.
|
||||
timezone: ""
|
||||
|
||||
# extraEnvVars An array to add extra env vars
|
||||
# e.g:
|
||||
# extraEnvVars:
|
||||
# - name: FOO
|
||||
# value: "bar"
|
||||
# - name: FOO2
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: SECRET_NAME
|
||||
# key: KEY
|
||||
extraEnvVars: []
|
||||
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
|
||||
gateway:
|
||||
#type: NodePort
|
||||
# If you want to keep the client source IP, you can set this to Local.
|
||||
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
externalTrafficPolicy: Cluster
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
metallb.universe.tf/address-pool: internal
|
||||
port: 80
|
||||
|
||||
config:
|
||||
logLevel: "info"
|
||||
logOutput: "stderr"
|
||||
# the TLS certificate file path.
|
||||
certFile: "/etc/webhook/certs/cert.pem"
|
||||
# the TLS key file path.
|
||||
keyFile: "/etc/webhook/certs/key.pem"
|
||||
# the HTTP Server listen address, default is ":8080"
|
||||
httpListen: ":8080"
|
||||
# the HTTPS Server listen address, default is ":8443"
|
||||
httpsListen: ":8443"
|
||||
# the controller will use the Endpoint of this Service to
|
||||
# update the status information of the Ingress resource.
|
||||
# The format is "namespace/svc-name" to solve the situation that
|
||||
# the data plane and the controller are not deployed in the same namespace.
|
||||
ingressPublishService: ""
|
||||
ingressStatusAddress: []
|
||||
# enable profiling via web interfaces host:port/debug/pprof, default is true.
|
||||
enableProfiling: true
|
||||
# Kubernetes related configurations.
|
||||
kubernetes:
|
||||
# the Kubernetes configuration file path, default is "", so the in-cluster
|
||||
# configuration will be used.
|
||||
kubeconfig: ""
|
||||
# how long should apisix-ingress-controller re-synchronizes with Kubernetes,
|
||||
# default is 6h,
|
||||
resyncInterval: "6h"
|
||||
# namespace list that controller will watch for resources,
|
||||
# by default all namespaces (represented by "*") are watched.
|
||||
appNamespaces: ["*"]
|
||||
# namespace_selector represent basis for selecting managed namespaces.
|
||||
# the field is support since version 1.4.0
|
||||
# For example, "apisix.ingress=watching", so ingress will watching the namespaces which labels "apisix.ingress=watching"
|
||||
namespaceSelector: [""]
|
||||
# the election id for the controller leader campaign,
|
||||
# only the leader will watch and delivery resource changes,
|
||||
# other instances (as candidates) stand by.
|
||||
electionId: "ingress-apisix-leader"
|
||||
# The class of an Ingress object is set using the field IngressClassName in
|
||||
# Kubernetes clusters version v1.18.0 or higher or the annotation
|
||||
# "kubernetes.io/ingress.class" (deprecated).
|
||||
ingressClass: "apisix"
|
||||
# the supported ingress api group version, can be "networking/v1beta1",
|
||||
# "networking/v1" (for Kubernetes version v1.19.0 or higher), and
|
||||
# "extensions/v1beta1", default is "networking/v1".
|
||||
ingressVersion: "networking/v1"
|
||||
# whether to watch EndpointSlices rather than Endpoints.
|
||||
watchEndpointSlices: false
|
||||
# the supported apisixroute api group version, can be "apisix.apache.org/v2beta1"
|
||||
# "apisix.apache.org/v2beta2" or "apisix.apache.org/v2beta3"
|
||||
apisixRouteVersion: "apisix.apache.org/v2beta3"
|
||||
# whether to enable support for Gateway API.
|
||||
# Note: This feature is currently under development and may not work as expected.
|
||||
# It is not recommended to use it in a production environment.
|
||||
# Before we announce support for it to reach Beta level or GA.
|
||||
enableGatewayAPI: false
|
||||
# APISIX related configurations.
|
||||
apisix:
|
||||
serviceName: apisix-admin
|
||||
serviceNamespace: ingress-apisix
|
||||
servicePort: 9180
|
||||
adminKey: "edd1c9f034335f136f87ad84b625c8f1"
|
||||
clusterName: "default"
|
||||
|
||||
initContainer:
|
||||
image: busybox
|
||||
tag: 1.28
|
||||
|
||||
serviceMonitor:
|
||||
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
||||
externalIPs:
|
||||
- 192.168.1.14
|
||||
http:
|
||||
enabled: true
|
||||
namespace: "grafana"
|
||||
servicePort: 80
|
||||
containerPort: 9080
|
||||
tls:
|
||||
enabled: false
|
||||
servicePort: 443
|
||||
containerPort: 9443
|
||||
existingCASecret: ""
|
||||
certCAFilename: ""
|
||||
http2:
|
||||
enabled: true
|
||||
stream: # L4 proxy (TCP/UDP)
|
||||
enabled: false
|
||||
only: false
|
||||
tcp: []
|
||||
udp: []
|
||||
ingress:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: apisix.local
|
||||
paths: []
|
||||
tls: []
|
||||
# - secretName: apisix-tls
|
||||
# hosts:
|
||||
# - chart-example.local
|
||||
|
||||
|
||||
admin:
|
||||
# Enable Admin API
|
||||
enabled: true
|
||||
# admin service type
|
||||
type: ClusterIP
|
||||
# loadBalancerIP: a.b.c.d
|
||||
# loadBalancerSourceRanges:
|
||||
# - "143.231.0.0/16"
|
||||
externalIPs: []
|
||||
#
|
||||
port: 9180
|
||||
servicePort: 9180
|
||||
# Admin API support CORS response headers
|
||||
cors: true
|
||||
# Admin API credentials
|
||||
credentials:
|
||||
admin: edd1c9f034335f136f87ad84b625c8f1
|
||||
viewer: 4054f7cf07e344346cd3f287985e76a2
|
||||
|
||||
allow:
|
||||
# The ip range for allowing access to Apache APISIX
|
||||
ipList:
|
||||
- 127.0.0.1/24
|
||||
|
||||
|
||||
# APISIX plugins to be enabled
|
||||
plugins:
|
||||
- api-breaker
|
||||
- authz-keycloak
|
||||
- basic-auth
|
||||
- batch-requests
|
||||
- consumer-restriction
|
||||
- cors
|
||||
- echo
|
||||
- fault-injection
|
||||
- grpc-transcode
|
||||
- hmac-auth
|
||||
- http-logger
|
||||
- ip-restriction
|
||||
- ua-restriction
|
||||
- jwt-auth
|
||||
- kafka-logger
|
||||
- key-auth
|
||||
- limit-conn
|
||||
- limit-count
|
||||
- limit-req
|
||||
- node-status
|
||||
- openid-connect
|
||||
- authz-casbin
|
||||
- prometheus
|
||||
- proxy-cache
|
||||
- proxy-mirror
|
||||
- proxy-rewrite
|
||||
- redirect
|
||||
- referer-restriction
|
||||
- request-id
|
||||
- request-validation
|
||||
- response-rewrite
|
||||
- serverless-post-function
|
||||
- serverless-pre-function
|
||||
- sls-logger
|
||||
- syslog
|
||||
- tcp-logger
|
||||
- udp-logger
|
||||
- uri-blocker
|
||||
- wolf-rbac
|
||||
- zipkin
|
||||
- traffic-split
|
||||
- gzip
|
||||
- real-ip
|
||||
- ext-plugin-pre-req
|
||||
- ext-plugin-post-req
|
||||
stream_plugins:
|
||||
- mqtt-proxy
|
||||
- ip-restriction
|
||||
- limit-conn
|
||||
|
||||
pluginAttrs: {}
|
||||
|
||||
extPlugin:
|
||||
enabled: false
|
||||
cmd: ["/path/to/apisix-plugin-runner/runner", "run"]
|
||||
|
||||
# customPlugins allows you to mount your own HTTP plugins.
|
||||
customPlugins:
|
||||
enabled: false
|
||||
# the lua_path that tells APISIX where it can find plugins,
|
||||
# note the last ';' is required.
|
||||
luaPath: "/opts/custom_plugins/?.lua"
|
||||
plugins:
|
||||
# plugin name.
|
||||
- name: ""
|
||||
# plugin attrs
|
||||
attrs: |
|
||||
# plugin codes can be saved inside configmap object.
|
||||
configMap:
|
||||
# name of configmap.
|
||||
name: ""
|
||||
# since keys in configmap is flat, mountPath allows to define the mount
|
||||
# path, so that plugin codes can be mounted hierarchically.
|
||||
mounts:
|
||||
- key: ""
|
||||
path: ""
|
||||
- key: ""
|
||||
path: ""
|
||||
|
||||
updateStrategy: {}
|
||||
# type: RollingUpdate
|
||||
|
||||
extraVolumes: []
|
||||
# - name: extras
|
||||
# emptyDir: {}
|
||||
|
||||
extraVolumeMounts: []
|
||||
# - name: extras
|
||||
# mountPath: /usr/share/extras
|
||||
# readOnly: true
|
||||
|
||||
discovery:
|
||||
enabled: false
|
||||
registry:
|
||||
# Integration service discovery registry. E.g eureka\dns\nacos\consul_kv
|
||||
# reference:
|
||||
# https://apisix.apache.org/docs/apisix/discovery#configuration-for-eureka
|
||||
# https://apisix.apache.org/docs/apisix/discovery/dns#service-discovery-via-dns
|
||||
# https://apisix.apache.org/docs/apisix/discovery/consul_kv#configuration-for-consul-kv
|
||||
# https://apisix.apache.org/docs/apisix/discovery/nacos#configuration-for-nacos
|
||||
#
|
||||
# an eureka example:
|
||||
# eureka:
|
||||
# host:
|
||||
# - "http://${username}:${password}@${eureka_host1}:${eureka_port1}"
|
||||
# - "http://${username}:${password}@${eureka_host2}:${eureka_port2}"
|
||||
# prefix: "/eureka/"
|
||||
# fetch_interval: 30
|
||||
# weight: 100
|
||||
# timeout:
|
||||
# connect: 2000
|
||||
# send: 2000
|
||||
# read: 5000
|
||||
|
||||
# access log and error log configuration
|
||||
logs:
|
||||
enableAccessLog: true
|
||||
accessLog: "/dev/stdout"
|
||||
accessLogFormat: '$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\"'
|
||||
accessLogFormatEscape: default
|
||||
errorLog: "/dev/stderr"
|
||||
errorLogLevel: "warn"
|
||||
|
||||
dns:
|
||||
resolvers:
|
||||
- 192.168.1.53
|
||||
- 192.168.1.1
|
||||
validity: 30
|
||||
timeout: 5
|
||||
|
||||
|
||||
autoscaling:
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 100
|
||||
targetCPUUtilizationPercentage: 80
|
||||
targetMemoryUtilizationPercentage: 80
|
||||
|
||||
# Custom configuration snippet.
|
||||
configurationSnippet:
|
||||
main: |
|
||||
|
||||
httpStart: |
|
||||
|
||||
httpEnd: |
|
||||
|
||||
httpSrv: |
|
||||
|
||||
httpAdmin: |
|
||||
|
||||
stream: |
|
||||
|
||||
# Observability configuration.
|
||||
# ref: https://apisix.apache.org/docs/apisix/plugins/prometheus/
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
# namespace where the serviceMonitor is deployed, by default, it is the same as the namespace of the apisix
|
||||
namespace: ""
|
||||
# name of the serviceMonitor, by default, it is the same as the apisix fullname
|
||||
name: ""
|
||||
# interval at which metrics should be scraped
|
||||
interval: 15s
|
||||
# path of the metrics endpoint
|
||||
path: /apisix/prometheus/metrics
|
||||
# prefix of the metrics
|
||||
metricPrefix: apisix_
|
||||
# container port where the metrics are exposed
|
||||
containerPort: 9091
|
||||
# @param serviceMonitor.labels ServiceMonitor extra labels
|
||||
labels: {}
|
||||
# @param serviceMonitor.annotations ServiceMonitor annotations
|
||||
annotations: {}
|
||||
|
||||
# etcd configuration
|
||||
# use the FQDN address or the IP of the etcd
|
||||
etcd:
|
||||
# install etcd(v3) by default, set false if do not want to install etcd(v3) together
|
||||
enabled: true
|
||||
host:
|
||||
- http://etcd.host:2379 # host or ip e.g. http://172.20.128.89:2379
|
||||
prefix: "/apisix"
|
||||
timeout: 30
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 2000
|
||||
# if etcd.enabled is true, set more values of bitnami/etcd helm chart
|
||||
auth:
|
||||
rbac:
|
||||
# No authentication by default
|
||||
create: false
|
||||
user: ""
|
||||
password: ""
|
||||
tls:
|
||||
enabled: false
|
||||
existingSecret: ""
|
||||
certFilename: ""
|
||||
certKeyFilename: ""
|
||||
verify: true
|
||||
sni: ""
|
||||
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
service:
|
||||
port: 2379
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
dashboard:
|
||||
enabled: true
|
||||
|
||||
ingress-controller:
|
||||
enabled: true
|
||||
|
|
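Review bot: `admin.credentials` holds the `admin` and `viewer` keys in plaintext, and both are the values APISIX publishes as chart defaults, so with `admin.enabled: true` the Admin API on 9180 is effectively protected only by `allow.ipList`. Replace both with generated keys supplied from a Secret or encrypted values rather than this file, and keep `ipList` as narrow as possible if `127.0.0.1/24` has to be widened for the controller to reach the API. The exposure is larger because `serverless-pre-function` and `serverless-post-function` remain in `plugins`, which means whoever holds the admin key can attach Lua to a route; remove them from the list if they are not used. etcd appears to be configured with `auth.rbac.create: false` and an `http://` host, leaving the route store unauthenticated inside the cluster; `create: true` with a password taken from a Secret would close that. Old and new lines are interleaved in this section and its file header is missing from the page, so which side each quoted line belongs to is inferred.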