From 67d7d47a69ec53eeca69a37743b8bd1876734adf Mon Sep 17 00:00:00 2001
From: Sarasa Kisaragi
Date: Wed, 27 Sep 2023 15:53:35 +0800
Subject: [PATCH] feat: support Ingress 1.7.0 etcdserver (#624)
---
 charts/apisix-ingress-controller/README.md | 4 +
 .../templates/apisix-configmap.yaml | 127 ++++++++++++++++++
 .../templates/configmap.yaml | 8 ++
 .../templates/deployment.yaml | 35 ++++-
 .../templates/service-apisix.yaml | 20 +++
 charts/apisix-ingress-controller/values.yaml | 11 ++
 6 files changed, 204 insertions(+), 1 deletion(-)
 create mode 100644 charts/apisix-ingress-controller/templates/apisix-configmap.yaml
 create mode 100644 charts/apisix-ingress-controller/templates/service-apisix.yaml
diff --git a/charts/apisix-ingress-controller/README.md b/charts/apisix-ingress-controller/README.md
index bb82c246..ddff29cc 100644
--- a/charts/apisix-ingress-controller/README.md
+++ b/charts/apisix-ingress-controller/README.md
@@ -120,6 +120,10 @@ The same for container level, you need to set:
 | config.apisixResourceSyncInterval | string | `"1h"` | Default interval for synchronizing Kubernetes resources to APISIX |
 | config.certFile | string | `"/etc/webhook/certs/cert.pem"` | the TLS certificate file path. |
 | config.enableProfiling | bool | `true` | enable profiling via web interfaces host:port/debug/pprof, default is true. |
+| config.etcdserver.enabled | bool | `false` | Enable etcd server or not, default is false. |
+| config.etcdserver.image.pullPolicy | string | `"IfNotPresent"` | Apache APISIX image pull policy |
+| config.etcdserver.image.repository | string | `"apache/apisix"` | Apache APISIX image repository |
+| config.etcdserver.image.tag | string | `"3.5.0-debian"` | Apache APISIX image tag Overrides the image tag whose default is the chart appVersion. |
 | config.httpListen | string | `":8080"` | the HTTP Server listen address, default is ":8080" |
 | config.httpsListen | string | `":8443"` | the HTTPS Server listen address, default is ":8443" |
 | config.ingressPublishService | string | `""` | the controller will use the Endpoint of this Service to update the status information of the Ingress resource. The format is "namespace/svc-name" to solve the situation that the data plane and the controller are not deployed in the same namespace. |
diff --git a/charts/apisix-ingress-controller/templates/apisix-configmap.yaml b/charts/apisix-ingress-controller/templates/apisix-configmap.yaml
new file mode 100644
index 00000000..72bfaaa0
--- /dev/null
+++ b/charts/apisix-ingress-controller/templates/apisix-configmap.yaml
@@ -0,0 +1,127 @@
+{{ if .Values.config.etcdserver.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-gw-configmap
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "apisix-ingress-controller.labels" . | nindent 4 }}
+data:
+ config.yaml: >
+ deployment:
+ admin:
+ allow_admin:
+ - 127.0.0.0/24
+ - 0.0.0.0/0
+ admin_listen:
+ ip: 0.0.0.0
+ port: 9180
+ etcd:
+ host:
+ - "http://127.0.0.1:12379"
+ prefix: "/apisix"
+ timeout: 60
+
+ apisix:
+ enable_control: true
+ enable_reuseport: true
+
+ stream_proxy:
+ only: false
+ tcp:
+ - 9100
+ - addr: 9110
+ tls: true
+ udp:
+ - 9200
+
+
+ plugins: # plugin list (sorted by priority)
+ - real-ip # priority: 23000
+ - ai # priority: 22900
+ - client-control # priority: 22000
+ - proxy-control # priority: 21990
+ - request-id # priority: 12015
+ - zipkin # priority: 12011
+ #- skywalking # priority: 12010
+ #- opentelemetry # priority: 12009
+ - ext-plugin-pre-req # priority: 12000
+ - fault-injection # priority: 11000
+ - mocking # priority: 10900
+ - serverless-pre-function # priority: 10000
+ #- batch-requests # priority: 4010
+ - cors # priority: 4000
+ - ip-restriction # priority: 3000
+ - ua-restriction # priority: 2999
+ - referer-restriction # priority: 2990
+ - csrf # priority: 2980
+ - uri-blocker # priority: 2900
+ - request-validation # priority: 2800
+ - openid-connect # priority: 2599
+ - cas-auth # priority: 2597
+ - authz-casbin # priority: 2560
+ - authz-casdoor # priority: 2559
+ - wolf-rbac # priority: 2555
+ - ldap-auth # priority: 2540
+ - hmac-auth # priority: 2530
+ - basic-auth # priority: 2520
+ - jwt-auth # priority: 2510
+ - key-auth # priority: 2500
+ - consumer-restriction # priority: 2400
+ - forward-auth # priority: 2002
+ - opa # priority: 2001
+ - authz-keycloak # priority: 2000
+ #- error-log-logger # priority: 1091
+ - proxy-mirror # priority: 1010
+ - proxy-cache # priority: 1009
+ - proxy-rewrite # priority: 1008
+ - workflow # priority: 1006
+ - api-breaker # priority: 1005
+ - limit-conn # priority: 1003
+ - limit-count # priority: 1002
+ - limit-req # priority: 1001
+ #- node-status # priority: 1000
+ - gzip # priority: 995
+ - traffic-split # priority: 966
+ - redirect # priority: 900
+ - response-rewrite # priority: 899
+ - kafka-proxy # priority: 508
+ #- dubbo-proxy # priority: 507
+ - grpc-transcode # priority: 506
+ - grpc-web # priority: 505
+ - public-api # priority: 501
+ - prometheus # priority: 500
+ - datadog # priority: 495
+ - elasticsearch-logger # priority: 413
+ - echo # priority: 412
+ - loggly # priority: 411
+ - http-logger # priority: 410
+ - splunk-hec-logging # priority: 409
+ - skywalking-logger # priority: 408
+ - google-cloud-logging # priority: 407
+ - sls-logger # priority: 406
+ - tcp-logger # priority: 405
+ - kafka-logger # priority: 403
+ - rocketmq-logger # priority: 402
+ - syslog # priority: 401
+ - udp-logger # priority: 400
+ - file-logger # priority: 399
+ - clickhouse-logger # priority: 398
+ - tencent-cloud-cls # priority: 397
+ - inspect # priority: 200
+ #- log-rotate # priority: 100
+ # <- recommend to use priority (0, 100) for your custom plugins
+ - example-plugin # priority: 0
+ #- gm # priority: -43
+ - aws-lambda # priority: -1899
+ - azure-functions # priority: -1900
+ - openwhisk # priority: -1901
+ - openfunction # priority: -1902
+ - serverless-post-function # priority: -2000
+ - ext-plugin-post-req # priority: -3000
+ - ext-plugin-post-resp # priority: -4000
+
+ plugin_attr:
+ prometheus:
+ enable_export_server: false
+{{ end }}
\ No newline at end of file
diff --git a/charts/apisix-ingress-controller/templates/configmap.yaml b/charts/apisix-ingress-controller/templates/configmap.yaml
index 3b2f6645..72bc6878 100644
--- a/charts/apisix-ingress-controller/templates/configmap.yaml
+++ b/charts/apisix-ingress-controller/templates/configmap.yaml
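Review bot: The gateway config added in templates/apisix-configmap.yaml opens the Admin API to every source address: `allow_admin` lists `0.0.0.0/0` next to `127.0.0.0/24`, and `admin_listen` binds `ip: 0.0.0.0`, so port 9180 answers on the pod IP to anything that can route to it. The controller added by this commit reaches the Admin API at `http://127.0.0.1:9180/apisix/admin` (templates/configmap.yaml), so loopback appears to be all that is needed; I would drop the `- 0.0.0.0/0` entry and set `ip: 127.0.0.1`, and expose a chart value for the allow list only if a wider range is genuinely required. Separately, `config.yaml: >` is a folded scalar and keeps the nested YAML intact only because more-indented lines are not folded; `config.yaml: |` states the intent and does not depend on that.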
@@ -53,17 +53,25 @@ data:
 plugin_metadata_cm: {{ .Values.config.kubernetes.pluginMetadataCM | quote }}
 apisix:
 admin_api_version: {{ .Values.config.apisix.adminAPIVersion | quote }}
+ {{- if .Values.config.etcdserver.enabled }}
+ default_cluster_base_url: http://127.0.0.1:9180/apisix/admin
+ {{ else }}
 {{- if .Values.config.apisix.serviceFullname }}
 default_cluster_base_url: http://{{ .Values.config.apisix.serviceFullname }}:{{ .Values.config.apisix.servicePort }}/apisix/admin
 {{ else }}
 default_cluster_base_url: http://{{ .Values.config.apisix.serviceName }}.{{ .Values.config.apisix.serviceNamespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.config.apisix.servicePort }}/apisix/admin
 {{- end}}
+ {{- end }}
 {{- if .Values.config.apisix.existingSecret }}
 default_cluster_admin_key: "{{"{{"}}.DEFAULT_CLUSTER_ADMIN_KEY{{"}}"}}"
 {{- else }}
 default_cluster_admin_key: {{ .Values.config.apisix.adminKey | quote }}
 {{- end }}
 default_cluster_name: {{ .Values.config.apisix.clusterName | quote }}
+ {{ if .Values.config.etcdserver.enabled }}
+ etcdserver:
+ enabled: true
+ {{ end }}
 kind: ConfigMap
 metadata:
 name: {{ .Release.Name }}-configmap
diff --git a/charts/apisix-ingress-controller/templates/deployment.yaml b/charts/apisix-ingress-controller/templates/deployment.yaml
index b5cd0f10..e3ac416e 100644
--- a/charts/apisix-ingress-controller/templates/deployment.yaml
+++ b/charts/apisix-ingress-controller/templates/deployment.yaml
@@ -60,6 +60,12 @@ spec:
 items:
 - key: config.yaml
 path: config.yaml
+ {{ if .Values.config.etcdserver.enabled }}
+ - name: apisix-config
+ configMap:
+ name: {{ .Release.Name }}-gw-configmap
+ {{ end }}
+ {{ if not .Values.config.etcdserver.enabled }}
 initContainers:
 - name: wait-apisix-admin
 image: {{ .Values.initContainer.image }}:{{ .Values.initContainer.tag }}
@@ -71,6 +77,7 @@ spec:
 securityContext:
 {{- toYaml .Values.securityContext | nindent 12 }}
+ {{ end }}
 containers:
 - name: {{ .Chart.Name }}
 command:
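Review bot: In the templates/configmap.yaml hunk the controller's `default_cluster_admin_key` is still rendered from `.Values.config.apisix.adminKey` (or the existing secret), but nothing in this commit passes that key to the bundled gateway: the config added in apisix-configmap.yaml has no `admin_key` entry under `deployment.admin`. If that reading is right, the gateway runs with whatever key the image ships with, and the controller authenticates only while the chart value happens to match it, which discourages rotating the key. Consider rendering the same value into the gateway's `deployment.admin.admin_key` list when `config.etcdserver.enabled` is true, so the two sides are tied together by the chart. The `data:` mapping this hunk edits starts above the visible lines.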
@@ -86,6 +93,11 @@ spec:
 - name: http
 containerPort: {{ (.Values.config.httpListen | split ":")._1 }}
 protocol: TCP
+ {{ if .Values.config.etcdserver.enabled }}
+ - name: etcd
+ containerPort: 12379
+ protocol: TCP
+ {{ end }}
 livenessProbe:
 httpGet:
 path: /healthz
@@ -97,8 +109,9 @@ spec:
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 volumeMounts:
- - mountPath: /ingress-apisix/conf
+ - mountPath: /ingress-apisix/conf/config.yaml
 name: configuration
+ subPath: config.yaml
 env:
 - name: POD_NAMESPACE
 valueFrom:
@@ -115,6 +128,26 @@ spec:
 name: {{ .Values.config.apisix.existingSecret | quote }}
 key: {{ include "apisix-ingress-controller.credentials.secretAdminKey" . }}
 {{- end }}
+ {{ if .Values.config.etcdserver.enabled }}
+ - name: apisix
+ image: "{{ .Values.config.etcdserver.image.repository }}:{{ .Values.config.etcdserver.image.tag }}"
+ imagePullPolicy: {{ .Values.config.etcdserver.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 9080
+ protocol: TCP
+ - name: http-admin
+ containerPort: 9180
+ protocol: TCP
+ - name: https
+ containerPort: 9443
+ protocol: TCP
+ resources: {}
+ volumeMounts:
+ - name: apisix-config
+ mountPath: /usr/local/apisix/conf/config.yaml
+ subPath: config.yaml
+ {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/apisix-ingress-controller/templates/service-apisix.yaml b/charts/apisix-ingress-controller/templates/service-apisix.yaml
new file mode 100644
index 00000000..106ec90b
--- /dev/null
+++ b/charts/apisix-ingress-controller/templates/service-apisix.yaml
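Review bot: Switching the controller's config mount to `subPath: config.yaml` (the `@@ -97,8 +109,9 @@` hunk of templates/deployment.yaml) means the mounted file is no longer refreshed when the ConfigMap changes, because a subPath mount keeps the content it had when the container started. The same applies to the `apisix-config` mount added for the new sidecar in the last hunk. If the pod template does not already carry a checksum annotation of the two ConfigMaps (not visible in these hunks), add one so that `helm upgrade` rolls the pods; otherwise a changed admin key or allow list stays unapplied until someone restarts them. The `volumeMounts` list continues outside the hunk.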
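Review bot: The `apisix` sidecar added in the `@@ -115,6 +128,26 @@` hunk of templates/deployment.yaml has no `securityContext`, a hard-coded `resources: {}` and no liveness or readiness probe, while the block just above `containers:` in the same file renders `.Values.securityContext`. I would add `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` (or a dedicated chart value if the APISIX image needs different settings), and read the resources from a new chart value next to `config.etcdserver.image` instead of `{}`, so the gateway cannot starve the controller it shares a pod with. The `http-admin` port 9180 is only used over loopback by the controller as far as this diff shows, so it does not need to be declared as a container port. The `containers:` list this entry joins begins outside the hunk.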
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "apisix-ingress-controller.fullname" . }}-apisix-gateway
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "apisix-ingress-controller.labels" . | nindent 4 }}
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 9080
+ - name: https
+ protocol: TCP
+ port: 443
+ targetPort: 9443
+ selector:
+ {{- include "apisix-ingress-controller.selectorLabels" . | nindent 4 }}
+ type: NodePort
diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml
index e6e45e4a..63a52ffc 100644
--- a/charts/apisix-ingress-controller/values.yaml
+++ b/charts/apisix-ingress-controller/values.yaml
@@ -61,6 +61,17 @@ service:
 port: 80
 config:
+ etcdserver:
+ # -- Enable etcd server or not, default is false.
+ enabled: false
+ image:
+ # -- Apache APISIX image repository
+ repository: apache/apisix
+ # -- Apache APISIX image pull policy
+ pullPolicy: IfNotPresent
+ # -- Apache APISIX image tag
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: 3.5.0-debian
 # -- the error log level, default is info, optional values are: debug, info, warn, error, panic, fatal
 logLevel: "info"
 # -- the output file path of error log, default is stderr, when
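Review bot: templates/service-apisix.yaml is not wrapped in the `.Values.config.etcdserver.enabled` condition that guards the gateway ConfigMap and the sidecar, so this Service is rendered on every install, and `type: NodePort` is fixed. With the feature off, that allocates two node ports on every node for target ports 9080 and 9443, which no container in this diff declares in that mode; with it on, the gateway is published on every node with no way to choose `ClusterIP` or `LoadBalancer`. Wrap the whole file in `{{- if .Values.config.etcdserver.enabled }}` … `{{- end }}` and take `type:` from a chart value, so that exposing the data plane outside the cluster is an explicit operator decision.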