zimbres commented on issue #9931:
URL: https://github.com/apache/apisix/issues/9931#issuecomment-1683178984
No problem. It's Helm, managed by Flux:
```
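# Flux source object: registers the Bitnami chart index under the name
# `apisix` so a HelmRelease can reference it by name.
# Nesting restored: in the flattened paste `metadata:` and `spec:` had no
# children, so name/namespace/interval/url parsed as top-level keys.
# NOTE(review): no chart signature or provenance check is configured on this
# object; chart integrity rests on HTTPS to the index plus the chart version
# pinned by whichever HelmRelease consumes it.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: apisix
  namespace: apisix
spec:
  # Re-fetch the repository index every minute.
  interval: 1m0s
  url: https://charts.bitnami.com/bitnami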
```
```
---
# Flux HelmRelease that installs the `apisix` chart from the HelmRepository
# named `apisix` and reconciles it every minute.
# NOTE(review): nesting was lost in this paste; as written every key sits at
# the top level, so restore the indentation before applying.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: apisix
namespace: apisix
spec:
chart:
spec:
chart: apisix
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: apisix
# Exact chart version rather than a range.
version: 2.0.3
interval: 1m0s
# Overrides for the chart's default values start here.
values:
controlPlane:
# `defaultConfig` is a template string (it contains `{{ ... }}` actions) for
# the control-plane APISIX configuration. Its nesting was flattened and some
# long lines were wrapped in this paste.
# NOTE(review): `plugin_attr:` appears twice when
# controlPlane.metrics.enabled is true (once unconditionally, once inside the
# `if`). If both render at the same level, most YAML parsers keep only the
# last one and `redirect.https_port` is silently dropped; confirm against the
# rendered config.
# NOTE(review): `allow_admin` lists 0.0.0.0/0, so the Admin API accepts any
# source address and the admin_key tokens are the only gate. Narrow it to the
# CIDRs that need the API, or restrict reachability with a NetworkPolicy.
# NOTE(review): `https_admin` is only emitted when controlPlane.tls.enabled
# is set; without it the admin tokens travel over plain HTTP.
# NOTE(review): `enable_admin_cors: true` adds CORS response headers to the
# Admin API (per the inline comment); turn it off unless a browser client
# needs it.
# NOTE(review): the control API, the config server and the Prometheus export
# server all bind 0.0.0.0.
# The `{{ print "{{NAME}}" }}` values emit a literal `{{NAME}}` placeholder,
# so the etcd credentials and the admin/viewer tokens are not stored in this
# manifest; presumably they are substituted at container start (verify in
# the chart).
defaultConfig: |
plugin_attr:
redirect:
https_port: 443
{{- if .Values.controlPlane.metrics.enabled }}
plugin_attr:
prometheus:
export_uri: /apisix/prometheus/metrics
metric_prefix: apisix_
enable_export_server: true
export_addr:
ip: 0.0.0.0
port: {{ .Values.controlPlane.containerPorts.metrics }}
{{- end }}
nginx_config:
error_log: /dev/stderr
stream:
access_log: /dev/stdout
http:
access_log: /dev/stdout
http_configuration_snippet: |
proxy_buffering off;
apisix:
control:
ip: 0.0.0.0
port: {{ .Values.controlPlane.containerPorts.control }}
deployment:
role: control_plane
role_control_plane:
config_provider: etcd
conf_server:
listen: 0.0.0.0:{{
.Values.controlPlane.containerPorts.configServer }}
cert: /bitnami/certs/{{
.Values.controlPlane.tls.certFilename }}
cert_key: /bitnami/certs/{{
.Values.controlPlane.tls.certKeyFilename }}
etcd:
host:
{{- if .Values.etcd.enabled }}
{{- $replicas := $.Values.etcd.replicaCount | int }}
{{- range $i, $_e := until $replicas }}
- {{ printf "%s://%s-%d.%s:%v" (ternary "https" "http"
$.Values.etcd.auth.client.secureTransport) (include "apisix.etcd.fullname" $ )
$i (include "apisix.etcd.headlessServiceName" $) ( include "apisix.etcd.port" $
) }} {{- end }}
{{- else }}
{{- range $node := .Values.externalEtcd.servers }}
- {{ ternary "https" "http"
$.Values.externalEtcd.secureTransport }}://{{ printf "%s:%v" $node (include
"apisix.etcd.port" $) }}
{{- end }}
{{- end }}
prefix: /apisix
timeout: 30
use_grpc: false
startup_retry: 60
{{- if (include "apisix.etcd.authEnabled" .) }}
user: "{{ print "{{APISIX_ETCD_USER}}" }}"
password: "{{ print "{{APISIX_ETCD_PASSWORD}}" }}"
{{- end }}
{{- if .Values.controlPlane.tls.enabled }}
certs:
{{- if .Values.controlPlane.tls.enabled }}
cert: /bitnami/certs/{{ .Values.controlPlane.tls.certFilename }}
cert_key: /bitnami/certs/{{
.Values.controlPlane.tls.certKeyFilename }}
{{- if .Values.controlPlane.tls.certCAFilename }}
client_ca_cert: /bitnami/certs/{{
.Values.controlPlane.tls.certCAFilename }}
{{- end }}
{{- end }}
{{- end }}
admin:
{{- if .Values.controlPlane.tls.enabled }}
https_admin: true
admin_api_mtls:
admin_ssl_cert: /bitnami/certs/{{
.Values.controlPlane.tls.certFilename }}
admin_ssl_cert_key: /bitnami/certs/{{
.Values.controlPlane.tls.certKeyFilename }}
{{- end }}
allow_admin:
- 0.0.0.0/0
admin_key:
- name: admin
key: "{{ print "{{APISIX_ADMIN_API_TOKEN}}" }}"
role: admin
- name: viewer
key: "{{ print "{{APISIX_VIEWER_API_TOKEN}}" }}"
role: viewer
admin_listen:
port: {{ .Values.controlPlane.containerPorts.adminAPI }}
enable_admin_cors: true # Admin API support CORS
response headers.
discovery:
kubernetes:
service:
schema: https #default https
# apiserver host, options [ipv4, ipv6, domain, environment
variable]
host: ${KUBERNETES_SERVICE_HOST}
# apiserver port, options [port number, environment variable]
port: ${KUBERNETES_SERVICE_PORT}
client:
# serviceaccount token or token_file
token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
default_weight: 50 # weight assigned to each discovered
endpoint. default 50, minimum 0
dataPlane:
metrics:
enabled: true
# `defaultConfig` is a template string for the data-plane APISIX
# configuration. Its nesting was flattened and some long lines were wrapped
# in this paste.
# `enable_admin: false` keeps the Admin API off on data-plane nodes.
# NOTE(review): the control API and the Prometheus export server bind
# 0.0.0.0; limit which pods can reach those ports if they are not meant to be
# cluster-wide.
# NOTE(review): the control_plane host uses https only when
# controlPlane.tls.enabled is set; otherwise configuration is fetched from
# the control plane over plain HTTP.
# NOTE(review): under `certs:` the inner `if .Values.dataPlane.tls.enabled`
# repeats the enclosing condition.
defaultConfig: |
{{- if .Values.dataPlane.metrics.enabled }}
plugin_attr:
redirect:
https_port: 443
prometheus:
export_uri: /apisix/prometheus/metrics
metric_prefix: apisix_
enable_export_server: true
export_addr:
ip: 0.0.0.0
port: {{ .Values.dataPlane.containerPorts.metrics }}
{{- else }}
plugin_attr:
redirect:
https_port: 443
{{- end }}
apisix:
node_listen: {{ .Values.dataPlane.containerPorts.http }}
enable_admin: false
{{- if .Values.dataPlane.tls.enabled }}
ssl:
enable: true
listen:
- port: {{ .Values.dataPlane.containerPorts.https }}
enable_http2: true
ssl_trusted_certificate: /bitnami/certs/{{
.Values.dataPlane.tls.certCAFilename }}
{{- end }}
control:
ip: 0.0.0.0
port: {{ .Values.dataPlane.containerPorts.control }}
nginx_config:
error_log: /dev/stderr
stream:
access_log: /dev/stdout
http:
access_log: /dev/stdout
http_configuration_snippet: |
proxy_buffering off;
deployment:
role: data_plane
role_data_plane:
config_provider: control_plane
{{- if .Values.controlPlane.enabled }}
control_plane:
host:
- {{ ternary "https" "http" .Values.controlPlane.tls.enabled
}}://{{ include "apisix.control-plane.fullname" . }}:{{
.Values.controlPlane.service.ports.configServer }}
prefix: /apisix
timeout: 30
{{- end }}
{{- if .Values.dataPlane.tls.enabled }}
certs:
{{- if .Values.dataPlane.tls.enabled }}
cert: /bitnami/certs/{{ .Values.dataPlane.tls.certFilename }}
cert_key: /bitnami/certs/{{
.Values.dataPlane.tls.certKeyFilename }}
{{- if .Values.dataPlane.tls.certCAFilename }}
client_ca_cert: /bitnami/certs/{{
.Values.dataPlane.tls.certCAFilename }}
{{- end }}
{{- end }}
{{- end }}
discovery:
kubernetes:
service:
# apiserver schema, options [http, https]
schema: https #default https
# apiserver host, options [ipv4, ipv6, domain, environment
variable]
host: ${KUBERNETES_SERVICE_HOST} #default
${KUBERNETES_SERVICE_HOST}
# apiserver port, options [port number, environment variable]
port: ${KUBERNETES_SERVICE_PORT} #default
${KUBERNETES_SERVICE_PORT}
client:
# serviceaccount token or token_file
token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
default_weight: 50 # weight assigned to each discovered
endpoint. default 50, minimum 0
# Presumably the dataPlane Service settings (nesting lost in this paste).
service:
externalTrafficPolicy: Local
dashboard:
service:
type: ClusterIP
ports:
http: 80
enable: true
username: admin
# NOTE(review): literal dashboard password in a Flux-managed manifest, which
# is typically kept in Git, and now also posted publicly. Treat it as
# exposed: rotate it and supply it from a Kubernetes Secret (for example
# through the HelmRelease's `spec.valuesFrom`) instead of inline.
password: "Admin123"
# `defaultConfig` is a template string for the APISIX Dashboard
# configuration. Its nesting was flattened and some long lines were wrapped
# in this paste.
# NOTE(review): `authentication.secret: secret` is a fixed, guessable value;
# in APISIX Dashboard this setting is the JWT signing secret, so anyone who
# knows it could mint a valid session token. Set a random per-environment
# value from a Secret.
# NOTE(review): in the externalEtcd branch the endpoints are emitted as
# host:port with no scheme, unlike the control-plane template, which picks
# https/http from externalEtcd.secureTransport; confirm whether the dashboard
# reaches etcd over TLS.
# NOTE(review): the dashboard listener binds 0.0.0.0.
# NOTE(review): `elasticsearch-logge` in the plugin list looks truncated;
# confirm the intended plugin name.
defaultConfig: |
conf:
listen:
host: 0.0.0.0
port: {{ .Values.dashboard.containerPorts.http }}
{{- if .Values.dashboard.tls.enabled }}
ssl:
host: 0.0.0.0
port: {{ .Values.dashboard.containerPorts.https }}
cert: /bitnami/certs/{{ .Values.dashboard.tls.certFilename }}
key: /bitnami/certs/{{ .Values.dashboard.tls.certKeyFilename }}
{{- end }}
etcd:
prefix: "/apisix"
endpoints:
{{- if .Values.etcd.enabled }}
{{- $replicas := $.Values.etcd.replicaCount | int }}
{{- range $i, $_e := until $replicas }}
- {{ printf "%s://%s-%d.%s:%v" (ternary "https" "http"
$.Values.etcd.auth.client.secureTransport) (include "apisix.etcd.fullname" $ )
$i (include "apisix.etcd.headlessServiceName" $) ( include "apisix.etcd.port" $
) }} {{- end }}
{{- else }}
{{- range $node :=.Values.externalEtcd.servers }}
- {{ printf "%s:%v" $node (include "apisix.etcd.port" $) }}
{{- end }}
{{- end }}
{{- if (include "apisix.etcd.authEnabled" .) }}
username: "{{ print "{{ APISIX_ETCD_USER }}" }}"
password: "{{ print "{{ APISIX_ETCD_PASSWORD }}" }}"
{{- end }}
log:
error_log:
level: warn
file_path: /dev/stderr
access_log:
file_path: /dev/stdout
authentication:
secret: secret
expire_time: 3600
users:
- username: "{{ print "{{ APISIX_DASHBOARD_USER }}" }}"
password: "{{ print "{{ APISIX_DASHBOARD_PASSWORD }}" }}"
plugins:
- api-breaker
- authz-casbin
- authz-casdoor
- authz-keycloak
- aws-lambda
- azure-functions
- basic-auth
- batch-requests
- clickhouse-logger
- client-control
- consumer-restriction
- cors
- csrf
- datadog
# - dubbo-proxy
- echo
- error-log-logger
- ext-plugin-post-req
- ext-plugin-post-resp
- ext-plugin-pre-req
- fault-injection
- file-logger
- forward-auth
- google-cloud-logging
- grpc-transcode
- grpc-web
- gzip
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- kafka-proxy
- key-auth
- ldap-auth
- limit-conn
- limit-count
- limit-req
- loggly
- log-rotate
- mocking
- node-status
- opa
- openid-connect
- opentelemetry
- openwhisk
- prometheus
- proxy-cache
- proxy-control
- proxy-mirror
- proxy-rewrite
- public-api
- real-ip
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- rocketmq-logger
- server-info
- serverless-post-function
- serverless-pre-function
- skywalking
- skywalking-logger
- sls-logger
- splunk-hec-logging
- syslog
- tcp-logger
- traffic-split
- ua-restriction
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- elasticsearch-logge
- openfunction
- tencent-cloud-cls
- ai
- cas-auth
# Enables the chart's ingress controller component.
ingressController:
enabled: true
# APISIX is pointed at an etcd that lives outside this release; the bundled
# etcd is switched off below.
# NOTE(review): `externalEtcd.secureTransport` is not set in these values,
# and the control-plane defaultConfig template in this release chooses
# https/http from it. If the chart default is false, traffic to etcd is
# plain HTTP; confirm the default, and confirm etcd authentication is
# enabled, since etcd holds the gateway's configuration.
externalEtcd:
servers:
- etcd.etcd.svc.cluster.local
port: 2379
etcd:
enabled: false
```