apisix: # Enable or disable Apache APISIX itself # Set it to false and ingress-controller.enabled=true will deploy only ingress-controller enabled: true # Enable nginx IPv6 resolver enableIPv6: true # Use Pod metadata.uid as the APISIX id. setIDFromPodUID: false customLuaSharedDicts: [] # - name: foo # size: 10k # - name: bar # size: 1m luaModuleHook: enabled: false # extend lua_package_path to load third party code luaPath: "" # the hook module which will be used to inject third party code into APISIX # use the lua require style like: "module.say_hello" hookPoint: "" # configmap that stores the codes configMapRef: name: "" # mounts decides how to mount the codes to the container. mounts: - key: "" path: "" enableCustomizedConfig: false customizedConfig: {} image: repository: apache/apisix pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: 2.13.1-alpine # Use a `DaemonSet` or `Deployment` kind: Deployment # kind is DaemonSet,replicaCount not become effective replicaCount: 1 podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 # See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more details podDisruptionBudget: enabled: false minAvailable: 90% maxUnavailable: 1 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} # If true, it will sets the anti-affinity of the Pod. podAntiAffinity: enabled: false # timezone is the timezone where apisix uses. # For example: "UTC" or "Asia/Shanghai" # This value will be set on apisix container's environment variable TZ. # You may need to set the timezone to be consistent with your local time zone, # otherwise the apisix's logs may used to retrieve event maybe in wrong timezone. timezone: "" # extraEnvVars An array to add extra env vars # e.g: # extraEnvVars: # - name: FOO # value: "bar" # - name: FOO2 # valueFrom: # secretKeyRef: # name: SECRET_NAME # key: KEY extraEnvVars: [] nameOverride: "" fullnameOverride: "" gateway: #type: NodePort # If you want to keep the client source IP, you can set this to Local. # ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip externalTrafficPolicy: Cluster type: LoadBalancer annotations: metallb.universe.tf/address-pool: internal # service.beta.kubernetes.io/aws-load-balancer-type: nlb externalIPs: - 192.168.1.14 http: enabled: true servicePort: 80 containerPort: 9080 tls: enabled: true servicePort: 443 containerPort: 9443 existingCASecret: "" certCAFilename: "" http2: enabled: true stream: # L4 proxy (TCP/UDP) enabled: false only: false tcp: [] udp: [] ingress: enabled: true annotations: kubernetes.io/ingress.class: apisix cert-manager.io/cluster-issuer: vault-issuer # kubernetes.io/tls-acme: "true" hosts: - host: api.six paths: - '/' tls: - secretName: apisix-tls hosts: - api.six admin: # Enable Admin API enabled: true # admin service type type: ClusterIP # loadBalancerIP: a.b.c.d # loadBalancerSourceRanges: # - "143.231.0.0/16" externalIPs: [] # port: 9180 servicePort: 9180 # Admin API support CORS response headers cors: true # Admin API credentials credentials: admin: edd1c9f034335f136f87ad84b625c8f1 viewer: 4054f7cf07e344346cd3f287985e76a2 allow: # The ip range for allowing access to Apache APISIX ipList: - 127.0.0.1/24 # APISIX plugins to be enabled plugins: - api-breaker - authz-keycloak - basic-auth - batch-requests - consumer-restriction - cors - echo - fault-injection - grpc-transcode - hmac-auth - http-logger - ip-restriction - ua-restriction - jwt-auth - kafka-logger - key-auth - limit-conn - limit-count - limit-req - node-status - openid-connect - authz-casbin - prometheus - proxy-cache - proxy-mirror - proxy-rewrite - redirect - referer-restriction - request-id - request-validation - response-rewrite - serverless-post-function - serverless-pre-function - sls-logger - syslog - tcp-logger - udp-logger - uri-blocker - wolf-rbac - zipkin - traffic-split - gzip - real-ip - ext-plugin-pre-req - ext-plugin-post-req stream_plugins: - mqtt-proxy - ip-restriction - limit-conn pluginAttrs: {} extPlugin: enabled: false cmd: ["/path/to/apisix-plugin-runner/runner", "run"] # customPlugins allows you to mount your own HTTP plugins. customPlugins: enabled: false # the lua_path that tells APISIX where it can find plugins, # note the last ';' is required. luaPath: "/opts/custom_plugins/?.lua" plugins: # plugin name. - name: "" # plugin attrs attrs: | # plugin codes can be saved inside configmap object. configMap: # name of configmap. name: "" # since keys in configmap is flat, mountPath allows to define the mount # path, so that plugin codes can be mounted hierarchically. mounts: - key: "" path: "" - key: "" path: "" updateStrategy: {} # type: RollingUpdate extraVolumes: [] # - name: extras # emptyDir: {} extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras # readOnly: true discovery: enabled: false registry: # Integration service discovery registry. E.g eureka\dns\nacos\consul_kv # reference: # https://apisix.apache.org/docs/apisix/discovery#configuration-for-eureka # https://apisix.apache.org/docs/apisix/discovery/dns#service-discovery-via-dns # https://apisix.apache.org/docs/apisix/discovery/consul_kv#configuration-for-consul-kv # https://apisix.apache.org/docs/apisix/discovery/nacos#configuration-for-nacos # # an eureka example: # eureka: # host: # - "http://${username}:${password}@${eureka_host1}:${eureka_port1}" # - "http://${username}:${password}@${eureka_host2}:${eureka_port2}" # prefix: "/eureka/" # fetch_interval: 30 # weight: 100 # timeout: # connect: 2000 # send: 2000 # read: 5000 # access log and error log configuration logs: enableAccessLog: true accessLog: "/dev/stdout" accessLogFormat: '$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\"' accessLogFormatEscape: default errorLog: "/dev/stderr" errorLogLevel: "warn" dns: resolvers: - 192.168.1.53 - 192.168.1.1 validity: 30 timeout: 5 autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 # Custom configuration snippet. configurationSnippet: main: | httpStart: | httpEnd: | httpSrv: | httpAdmin: | stream: | # Observability configuration. # ref: https://apisix.apache.org/docs/apisix/plugins/prometheus/ serviceMonitor: enabled: false # namespace where the serviceMonitor is deployed, by default, it is the same as the namespace of the apisix namespace: "" # name of the serviceMonitor, by default, it is the same as the apisix fullname name: "" # interval at which metrics should be scraped interval: 15s # path of the metrics endpoint path: /apisix/prometheus/metrics # prefix of the metrics metricPrefix: apisix_ # container port where the metrics are exposed containerPort: 9091 # @param serviceMonitor.labels ServiceMonitor extra labels labels: {} # @param serviceMonitor.annotations ServiceMonitor annotations annotations: {} # etcd configuration # use the FQDN address or the IP of the etcd etcd: # install etcd(v3) by default, set false if do not want to install etcd(v3) together enabled: true host: - http://etcd.host:2379 # host or ip e.g. http://172.20.128.89:2379 prefix: "/apisix" timeout: 30 # if etcd.enabled is true, set more values of bitnami/etcd helm chart auth: rbac: # No authentication by default create: false user: "" password: "" tls: enabled: false existingSecret: "" certFilename: "" certKeyFilename: "" verify: true sni: "" service: port: 2379 replicaCount: 1 dashboard: enabled: true ingress-controller: enabled: true