feat: re-enable proxy-protocol configuration nodes #756

Open
wants to merge 4 commits into
base: master
2 changes: 1 addition & 1 deletion charts/apisix/Chart.yaml
Expand Up @@ -31,7 +31,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 2.9.0
version: 2.9.1

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
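Review bot: the bump on the `version:` line goes from 2.9.0 to 2.9.1, a patch increment, while this PR is titled `feat:` and adds new values keys and templates. The comment above the field says versions are expected to follow Semantic Versioning, so a minor bump (2.10.0) would match the change better.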
8 changes: 8 additions & 0 deletions charts/apisix/README.md
Expand Up @@ -111,6 +111,11 @@ The command removes all the Kubernetes components associated with the chart and
| apisix.prometheus.enabled | bool | `false` | |
| apisix.prometheus.metricPrefix | string | `"apisix_"` | prefix of the metrics |
| apisix.prometheus.path | string | `"/apisix/prometheus/metrics"` | path of the metrics endpoint |
| apisix.proxyProtocol | object | `{"enabled":false,"listenHttpPort":9181,"listenHttpsPort":9182,"tcp":true,"upstream":true}` | Enable Proxy Protocol |
| apisix.proxyProtocol.listenHttpPort | int | `9181` | The port with proxy protocol for http, it differs from node_listen and admin_listen. |
| apisix.proxyProtocol.listenHttpsPort | int | `9182` | The port with proxy protocol for https |
| apisix.proxyProtocol.tcp | bool | `true` | Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option |
| apisix.proxyProtocol.upstream | bool | `true` | Enable the proxy protocol to the upstream server |
| apisix.router.http | string | `"radixtree_host_uri"` | Defines how apisix handles routing: - radixtree_uri: match route by uri(base on radixtree) - radixtree_host_uri: match route by host + uri(base on radixtree) - radixtree_uri_with_parameter: match route by uri with parameters |
| apisix.setIDFromPodUID | bool | `false` | Use Pod metadata.uid as the APISIX id. |
| apisix.ssl.additionalContainerPorts | list | `[]` | Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99) |
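Review bot: the `apisix.proxyProtocol.listenHttpPort` row says the port differs from `node_listen and admin_listen`, but the comment this PR writes in templates/configmap.yaml says `node_listen and port_admin`. Pick one name and use it in both places. The `apisix.proxyProtocol` row would also be clearer if it said that `enabled` only renders the `proxy_protocol` block, and that the ports are published separately through `service.proxyProtocol.http.enabled` and `service.proxyProtocol.https.enabled`.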
Expand Down Expand Up @@ -213,6 +218,9 @@ The command removes all the Kubernetes components associated with the chart and
| service.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"servicePort":80}` | Apache APISIX service settings for http |
| service.http.additionalContainerPorts | list | `[]` | Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24) |
| service.labelsOverride | object | `{}` | Override default labels assigned to Apache APISIX gateway resources |
| service.proxyProtocol | object | `{"http":{"containerPort":9181,"enabled":false,"servicePort":9181},"https":{"containerPort":9182,"enabled":false,"servicePort":9182}}` | Proxy Protocol Configuration |
| service.proxyProtocol.http | object | `{"containerPort":9181,"enabled":false,"servicePort":9181}` | If you enable proxy protocol, you must use this port to receive http request with proxy protocol |
| service.proxyProtocol.https | object | `{"containerPort":9182,"enabled":false,"servicePort":9182}` | The port with proxy protocol for https |
| service.stream | object | `{"enabled":false,"tcp":[],"udp":[]}` | Apache APISIX service settings for stream. L4 proxy (TCP/UDP) |
| service.tls | object | `{"servicePort":443}` | Apache APISIX service settings for tls |
| service.type | string | `"NodePort"` | Apache APISIX service type for user access itself |
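Review bot: the `service.proxyProtocol.http` and `service.proxyProtocol.https` rows give no guidance on who should be able to reach these ports, and `service.type` defaults to `NodePort` a few rows below. A listener that accepts the PROXY protocol header takes the client address from whatever the connecting peer sends, so the descriptions should state that 9181 and 9182 are meant to be reachable only from the load balancer or proxy in front of APISIX. The optional `nodePort` key read by templates/service-gateway.yaml is also missing from the documented defaults.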
18 changes: 10 additions & 8 deletions charts/apisix/templates/configmap.yaml
Expand Up @@ -76,14 +76,16 @@ data:
enable_http2: {{ .Values.apisix.enableHTTP2 }}
enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header

# proxy_protocol: # Proxy Protocol configuration
# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and admin_listen.
# # This port can only receive http request with proxy protocol, but node_listen & admin_listen
# # can only receive http request. If you enable proxy protocol, you must use this port to
# # receive http request with proxy protocol
# listen_https_port: 9182 # The port with proxy protocol for https
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
{{- if .Values.apisix.proxyProtocol.enabled }}
proxy_protocol: # Proxy Protocol configuration
listen_http_port: {{ .Values.apisix.proxyProtocol.listenHttpPort }} # The port with proxy protocol for http, it differs from node_listen and port_admin.
# This port can only receive http request with proxy protocol, but node_listen & port_admin
# can only receive http request. If you enable proxy protocol, you must use this port to
# receive http request with proxy protocol
listen_https_port: {{ .Values.apisix.proxyProtocol.listenHttpsPort }} # The port with proxy protocol for https
enable_tcp_pp: {{ .Values.apisix.proxyProtocol.tcp }} # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
enable_tcp_pp_to_upstream: {{ .Values.apisix.proxyProtocol.upstream }} # Enable the proxy protocol to the upstream server
{{- end }}

proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
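Review bot: `listen_http_port` and `listen_https_port` are rendered from `apisix.proxyProtocol.listenHttpPort` and `listenHttpsPort`, while the Deployment and Service in this PR take the same numbers from `service.proxyProtocol.http.containerPort` and `https.containerPort`. Both default to 9181 and 9182, but a user who changes only one side ends up with a Service that targets a port APISIX is not listening on. Consider rendering one value from the other, or failing the render when they differ.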
10 changes: 10 additions & 0 deletions charts/apisix/templates/deployment.yaml
Expand Up @@ -131,6 +131,16 @@ spec:
containerPort: {{ .Values.apisix.prometheus.containerPort }}
protocol: TCP
{{- end }}
{{- if .Values.service.proxyProtocol.http.enabled }}
- name: pp-http
containerPort: {{ .Values.service.proxyProtocol.http.containerPort }}
protocol: TCP
{{- end }}
{{- if .Values.service.proxyProtocol.https.enabled }}
- name: pp-https
containerPort: {{ .Values.service.proxyProtocol.https.containerPort }}
protocol: TCP
{{- end }}
{{- if and .Values.service.stream.enabled (or (gt (len .Values.service.stream.tcp) 0) (gt (len .Values.service.stream.udp) 0)) }}
{{- with .Values.service.stream }}
{{- if (gt (len .tcp) 0) }}
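Review bot: the `pp-http` and `pp-https` container ports are gated on `service.proxyProtocol.http.enabled` and `service.proxyProtocol.https.enabled` only, while the `proxy_protocol` block in templates/configmap.yaml is gated on `apisix.proxyProtocol.enabled`. With the service flags on and the APISIX flag off, the pod declares ports nothing listens on; with the reverse, APISIX listens but the ports are not published. Combining the conditions, for example `{{- if and .Values.apisix.proxyProtocol.enabled .Values.service.proxyProtocol.http.enabled }}`, would keep the two in step.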
18 changes: 18 additions & 0 deletions charts/apisix/templates/service-gateway.yaml
Expand Up @@ -76,6 +76,24 @@ spec:
port: {{ .port }}
targetPort: {{ .port }}
{{- end }}
{{- if or .Values.service.proxyProtocol.http.enabled }}
- name: apisix-gateway-pp-http
port: {{ .Values.service.proxyProtocol.http.servicePort }}
targetPort: {{ .Values.service.proxyProtocol.http.containerPort }}

@yunerou yunerou Jul 9, 2024

@heresie

I realize you didn't define container port in templates/deployment.yaml. The request sent to the proxy_protocol port can't be forwarded to Apisix. Please explain to me if I am wrong.

Contributor Author

@heresie heresie Jul 10, 2024

Hello @yunerou,
Declaring containerPorts on the Deployment is not mandatory to allow communication. However you are right, it's better to have them so it helps understanding.

{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.proxyProtocol.http.nodePort))) }}
nodePort: {{ .Values.service.proxyProtocol.http.nodePort }}
{{- end }}
protocol: TCP
{{- end }}
{{- if or .Values.service.proxyProtocol.https.enabled }}
- name: apisix-gateway-pp-https
port: {{ .Values.service.proxyProtocol.https.servicePort }}
targetPort: {{ .Values.service.proxyProtocol.https.containerPort }}
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.proxyProtocol.https.nodePort))) }}
nodePort: {{ .Values.service.proxyProtocol.https.nodePort }}
{{- end }}
protocol: TCP
{{- end }}
{{- if and .Values.service.stream.enabled (or (gt (len .Values.service.stream.tcp) 0) (gt (len .Values.service.stream.udp) 0)) }}
{{- with .Values.service.stream }}
{{- if (gt (len .tcp) 0) }}
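Review bot: `{{- if or .Values.service.proxyProtocol.http.enabled }}` and the matching https line call `or` with a single argument, which behaves the same as a plain `if`; drop the `or`, as templates/deployment.yaml already does for the same flags. `targetPort` could also reference the named container ports `pp-http` and `pp-https` rather than repeating the number.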
33 changes: 33 additions & 0 deletions charts/apisix/values.yaml
Expand Up @@ -189,6 +189,27 @@ service:
servicePort: 443
# nodePort: 4443

# -- Proxy Protocol Configuration
proxyProtocol:
# -- If you enable proxy protocol, you must use this port to receive http request with proxy protocol
http:
enabled: false
# - Specify NodePort (only if gateway.type is NodePort)
# nodePort:
# - Define a Service Port on which the gateway is listening
servicePort: 9181
# - Gateway Service Port to use as target
containerPort: 9181
# -- The port with proxy protocol for https
https:
enabled: false
# - Specify NodePort (only if gateway.type is NodePort)
# nodePort:
# - Define a Service Port on which the gateway is listening
servicePort: 9182
# - Gateway Service Port to use as target
containerPort: 9182

# -- Apache APISIX service settings for stream. L4 proxy (TCP/UDP)
stream:
enabled: false
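Review bot: the `nodePort` comments under `http:` and `https:` say `only if gateway.type is NodePort`, but templates/service-gateway.yaml checks `.Values.service.type`. Change the comment to `service.type`, and give the commented key an example value the way `# nodePort: 4443` does above. `containerPort` is described as `Gateway Service Port to use as target`; it is the container port the Service targets, so the wording should say that.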
Expand Down Expand Up @@ -286,6 +307,18 @@ apisix:
# -- Use Pod metadata.uid as the APISIX id.
setIDFromPodUID: false

# -- Enable Proxy Protocol
proxyProtocol:
enabled: false
# -- The port with proxy protocol for http, it differs from node_listen and admin_listen.
listenHttpPort: 9181
# -- The port with proxy protocol for https
listenHttpsPort: 9182
# -- Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
tcp: true
# -- Enable the proxy protocol to the upstream server
upstream: true

# -- Whether to add a custom lua module
luaModuleHook:
enabled: false
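Review bot: `tcp: true` and `upstream: true` are the defaults, so setting only `apisix.proxyProtocol.enabled: true` also renders `enable_tcp_pp: true` and `enable_tcp_pp_to_upstream: true` in templates/configmap.yaml. A user who only wants the HTTP listener on 9181 gets the PROXY protocol switched on for `stream_proxy.tcp` and towards upstream servers as well. Defaulting both to `false` would make each one an explicit opt-in.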