mirror of
https://github.com/nold360/hive-apps
synced 2024-11-16 18:49:30 +00:00
382 lines
9.2 KiB
YAML
382 lines
9.2 KiB
YAML
apisix:
|
|
# Enable or disable Apache APISIX itself
|
|
# Set it to false and ingress-controller.enabled=true will deploy only ingress-controller
|
|
enabled: true
|
|
|
|
# Enable nginx IPv6 resolver
|
|
enableIPv6: true
|
|
|
|
# Use Pod metadata.uid as the APISIX id.
|
|
setIDFromPodUID: false
|
|
|
|
customLuaSharedDicts: []
|
|
# - name: foo
|
|
# size: 10k
|
|
# - name: bar
|
|
# size: 1m
|
|
luaModuleHook:
|
|
enabled: false
|
|
# extend lua_package_path to load third party code
|
|
luaPath: ""
|
|
# the hook module which will be used to inject third party code into APISIX
|
|
# use the lua require style like: "module.say_hello"
|
|
hookPoint: ""
|
|
# configmap that stores the codes
|
|
configMapRef:
|
|
name: ""
|
|
# mounts decides how to mount the codes to the container.
|
|
mounts:
|
|
- key: ""
|
|
path: ""
|
|
|
|
enableCustomizedConfig: false
|
|
customizedConfig: {}
|
|
|
|
image:
|
|
repository: apache/apisix
|
|
pullPolicy: IfNotPresent
|
|
# Overrides the image tag whose default is the chart appVersion.
|
|
tag: 2.13.1-alpine
|
|
|
|
# Use a `DaemonSet` or `Deployment`
|
|
kind: Deployment
|
|
# kind is DaemonSet,replicaCount not become effective
|
|
replicaCount: 1
|
|
|
|
podAnnotations: {}
|
|
podSecurityContext: {}
|
|
# fsGroup: 2000
|
|
securityContext: {}
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# readOnlyRootFilesystem: true
|
|
# runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
# See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more details
|
|
podDisruptionBudget:
|
|
enabled: false
|
|
minAvailable: 90%
|
|
maxUnavailable: 1
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
# If true, it will sets the anti-affinity of the Pod.
|
|
podAntiAffinity:
|
|
enabled: false
|
|
|
|
# timezone is the timezone where apisix uses.
|
|
# For example: "UTC" or "Asia/Shanghai"
|
|
# This value will be set on apisix container's environment variable TZ.
|
|
# You may need to set the timezone to be consistent with your local time zone,
|
|
# otherwise the apisix's logs may used to retrieve event maybe in wrong timezone.
|
|
timezone: ""
|
|
|
|
# extraEnvVars An array to add extra env vars
|
|
# e.g:
|
|
# extraEnvVars:
|
|
# - name: FOO
|
|
# value: "bar"
|
|
# - name: FOO2
|
|
# valueFrom:
|
|
# secretKeyRef:
|
|
# name: SECRET_NAME
|
|
# key: KEY
|
|
extraEnvVars: []
|
|
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
|
|
gateway:
|
|
#type: NodePort
|
|
# If you want to keep the client source IP, you can set this to Local.
|
|
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
externalTrafficPolicy: Cluster
|
|
type: LoadBalancer
|
|
annotations:
|
|
metallb.universe.tf/address-pool: internal
|
|
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
|
externalIPs:
|
|
- 192.168.1.14
|
|
http:
|
|
enabled: true
|
|
servicePort: 80
|
|
containerPort: 9080
|
|
tls:
|
|
enabled: true
|
|
servicePort: 443
|
|
containerPort: 9443
|
|
existingCASecret: ""
|
|
certCAFilename: ""
|
|
http2:
|
|
enabled: true
|
|
stream: # L4 proxy (TCP/UDP)
|
|
enabled: false
|
|
only: false
|
|
tcp: []
|
|
udp: []
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
kubernetes.io/ingress.class: apisix
|
|
cert-manager.io/cluster-issuer: vault-issuer
|
|
# kubernetes.io/tls-acme: "true"
|
|
hosts:
|
|
- host: api.six
|
|
paths:
|
|
- '/'
|
|
tls:
|
|
- secretName: apisix-tls
|
|
hosts:
|
|
- api.six
|
|
|
|
admin:
|
|
# Enable Admin API
|
|
enabled: true
|
|
# admin service type
|
|
type: ClusterIP
|
|
# loadBalancerIP: a.b.c.d
|
|
# loadBalancerSourceRanges:
|
|
# - "143.231.0.0/16"
|
|
externalIPs: []
|
|
#
|
|
port: 9180
|
|
servicePort: 9180
|
|
# Admin API support CORS response headers
|
|
cors: true
|
|
# Admin API credentials
|
|
credentials:
|
|
admin: edd1c9f034335f136f87ad84b625c8f1
|
|
viewer: 4054f7cf07e344346cd3f287985e76a2
|
|
|
|
allow:
|
|
# The ip range for allowing access to Apache APISIX
|
|
ipList:
|
|
- 127.0.0.1/24
|
|
|
|
|
|
# APISIX plugins to be enabled
|
|
plugins:
|
|
- api-breaker
|
|
- authz-keycloak
|
|
- basic-auth
|
|
- batch-requests
|
|
- consumer-restriction
|
|
- cors
|
|
- echo
|
|
- fault-injection
|
|
- grpc-transcode
|
|
- hmac-auth
|
|
- http-logger
|
|
- ip-restriction
|
|
- ua-restriction
|
|
- jwt-auth
|
|
- kafka-logger
|
|
- key-auth
|
|
- limit-conn
|
|
- limit-count
|
|
- limit-req
|
|
- node-status
|
|
- openid-connect
|
|
- authz-casbin
|
|
- prometheus
|
|
- proxy-cache
|
|
- proxy-mirror
|
|
- proxy-rewrite
|
|
- redirect
|
|
- referer-restriction
|
|
- request-id
|
|
- request-validation
|
|
- response-rewrite
|
|
- serverless-post-function
|
|
- serverless-pre-function
|
|
- sls-logger
|
|
- syslog
|
|
- tcp-logger
|
|
- udp-logger
|
|
- uri-blocker
|
|
- wolf-rbac
|
|
- zipkin
|
|
- traffic-split
|
|
- gzip
|
|
- real-ip
|
|
- ext-plugin-pre-req
|
|
- ext-plugin-post-req
|
|
stream_plugins:
|
|
- mqtt-proxy
|
|
- ip-restriction
|
|
- limit-conn
|
|
|
|
pluginAttrs: {}
|
|
|
|
extPlugin:
|
|
enabled: false
|
|
cmd: ["/path/to/apisix-plugin-runner/runner", "run"]
|
|
|
|
# customPlugins allows you to mount your own HTTP plugins.
|
|
customPlugins:
|
|
enabled: false
|
|
# the lua_path that tells APISIX where it can find plugins,
|
|
# note the last ';' is required.
|
|
luaPath: "/opts/custom_plugins/?.lua"
|
|
plugins:
|
|
# plugin name.
|
|
- name: ""
|
|
# plugin attrs
|
|
attrs: |
|
|
# plugin codes can be saved inside configmap object.
|
|
configMap:
|
|
# name of configmap.
|
|
name: ""
|
|
# since keys in configmap is flat, mountPath allows to define the mount
|
|
# path, so that plugin codes can be mounted hierarchically.
|
|
mounts:
|
|
- key: ""
|
|
path: ""
|
|
- key: ""
|
|
path: ""
|
|
|
|
updateStrategy: {}
|
|
# type: RollingUpdate
|
|
|
|
extraVolumes: []
|
|
# - name: extras
|
|
# emptyDir: {}
|
|
|
|
extraVolumeMounts: []
|
|
# - name: extras
|
|
# mountPath: /usr/share/extras
|
|
# readOnly: true
|
|
|
|
discovery:
|
|
enabled: false
|
|
registry:
|
|
# Integration service discovery registry. E.g eureka\dns\nacos\consul_kv
|
|
# reference:
|
|
# https://apisix.apache.org/docs/apisix/discovery#configuration-for-eureka
|
|
# https://apisix.apache.org/docs/apisix/discovery/dns#service-discovery-via-dns
|
|
# https://apisix.apache.org/docs/apisix/discovery/consul_kv#configuration-for-consul-kv
|
|
# https://apisix.apache.org/docs/apisix/discovery/nacos#configuration-for-nacos
|
|
#
|
|
# an eureka example:
|
|
# eureka:
|
|
# host:
|
|
# - "http://${username}:${password}@${eureka_host1}:${eureka_port1}"
|
|
# - "http://${username}:${password}@${eureka_host2}:${eureka_port2}"
|
|
# prefix: "/eureka/"
|
|
# fetch_interval: 30
|
|
# weight: 100
|
|
# timeout:
|
|
# connect: 2000
|
|
# send: 2000
|
|
# read: 5000
|
|
|
|
# access log and error log configuration
|
|
logs:
|
|
enableAccessLog: true
|
|
accessLog: "/dev/stdout"
|
|
accessLogFormat: '$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\"'
|
|
accessLogFormatEscape: default
|
|
errorLog: "/dev/stderr"
|
|
errorLogLevel: "warn"
|
|
|
|
dns:
|
|
resolvers:
|
|
- 192.168.1.53
|
|
- 192.168.1.1
|
|
validity: 30
|
|
timeout: 5
|
|
|
|
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 1
|
|
maxReplicas: 100
|
|
targetCPUUtilizationPercentage: 80
|
|
targetMemoryUtilizationPercentage: 80
|
|
|
|
# Custom configuration snippet.
|
|
configurationSnippet:
|
|
main: |
|
|
|
|
httpStart: |
|
|
|
|
httpEnd: |
|
|
|
|
httpSrv: |
|
|
|
|
httpAdmin: |
|
|
|
|
stream: |
|
|
|
|
# Observability configuration.
|
|
# ref: https://apisix.apache.org/docs/apisix/plugins/prometheus/
|
|
serviceMonitor:
|
|
enabled: false
|
|
# namespace where the serviceMonitor is deployed, by default, it is the same as the namespace of the apisix
|
|
namespace: ""
|
|
# name of the serviceMonitor, by default, it is the same as the apisix fullname
|
|
name: ""
|
|
# interval at which metrics should be scraped
|
|
interval: 15s
|
|
# path of the metrics endpoint
|
|
path: /apisix/prometheus/metrics
|
|
# prefix of the metrics
|
|
metricPrefix: apisix_
|
|
# container port where the metrics are exposed
|
|
containerPort: 9091
|
|
# @param serviceMonitor.labels ServiceMonitor extra labels
|
|
labels: {}
|
|
# @param serviceMonitor.annotations ServiceMonitor annotations
|
|
annotations: {}
|
|
|
|
# etcd configuration
|
|
# use the FQDN address or the IP of the etcd
|
|
etcd:
|
|
# install etcd(v3) by default, set false if do not want to install etcd(v3) together
|
|
enabled: true
|
|
host:
|
|
- http://etcd.host:2379 # host or ip e.g. http://172.20.128.89:2379
|
|
prefix: "/apisix"
|
|
timeout: 30
|
|
|
|
# if etcd.enabled is true, set more values of bitnami/etcd helm chart
|
|
auth:
|
|
rbac:
|
|
# No authentication by default
|
|
create: false
|
|
user: ""
|
|
password: ""
|
|
tls:
|
|
enabled: false
|
|
existingSecret: ""
|
|
certFilename: ""
|
|
certKeyFilename: ""
|
|
verify: true
|
|
sni: ""
|
|
|
|
service:
|
|
port: 2379
|
|
|
|
replicaCount: 1
|
|
|
|
dashboard:
|
|
enabled: true
|
|
|
|
ingress-controller:
|
|
enabled: true
|