This is an automated email from the ASF dual-hosted git repository.
baoyuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new bdfe0b7 feat: add trusted_addresses option to apisix configmap
template (#909)
bdfe0b7 is described below
commit bdfe0b7132ebc8c53b48f06621c85967bfd2f42e
Author: manueljishi <[email protected]>
AuthorDate: Wed Nov 26 02:39:35 2025 +0100
feat: add trusted_addresses option to apisix configmap template (#909)
---
charts/apisix/Chart.yaml | 2 +-
charts/apisix/README.md | 1 +
charts/apisix/templates/configmap.yaml | 5 +++++
charts/apisix/values.yaml | 4 ++++
4 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml
index 26ca880..718a506 100644
--- a/charts/apisix/Chart.yaml
+++ b/charts/apisix/Chart.yaml
@@ -31,7 +31,7 @@ type: application
# This is the chart version. This version number should be incremented each
time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.12.3
+version: 2.12.4
# This is the version number of the application being deployed. This version
number should be
# incremented each time you make changes to the application. Versions are not
expected to
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 1f52852..225e0ca 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -128,6 +128,7 @@ The command removes all the Kubernetes components
associated with the chart and
| apisix.status.ip | string | `"0.0.0.0"` | |
| apisix.status.port | int | `7085` | |
| apisix.stream_plugins | list | `[]` | Customize the list of APISIX
stream_plugins to enable. By default, APISIX's [default
stream_plugins](https://github.com/apache/apisix/blob/master/apisix/cli/config.lua#L294)
are automatically used. |
+| apisix.trustedAddresses | list | `["127.0.0.1"]` | When configured, APISIX
will trust the `X-Forwarded-*` Headers passed in requests from the IP/CIDR in
the list. |
| apisix.vault.enabled | bool | `false` | Enable or disable the vault
integration |
| apisix.vault.host | string | `""` | The host address where the vault server
is running. |
| apisix.vault.prefix | string | `""` | Prefix allows you to better
enforcement of policies. |
diff --git a/charts/apisix/templates/configmap.yaml
b/charts/apisix/templates/configmap.yaml
index 91cb132..b8ecb4d 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -176,6 +176,11 @@ data:
port: {{ default "7085" (.Values.apisix.status.port | toString) }}
{{- end}}
+ {{ if .Values.apisix.trustedAddresses }}
+ trusted_addresses:
+ {{- toYaml .Values.apisix.trustedAddresses | nindent 8 }}
+ {{ end }}
+
nginx_config: # config for render the template to genarate nginx.conf
error_log: "{{ .Values.apisix.nginx.logs.errorLog }}"
error_log_level: "{{ .Values.apisix.nginx.logs.errorLogLevel }}" #
warn,error
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 67a6a13..65945e3 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -585,6 +585,10 @@ apisix:
ip: "0.0.0.0"
port: 7085
+ # -- When configured, APISIX will trust the `X-Forwarded-*` Headers passed
in requests from the IP/CIDR in the list.
+ trustedAddresses:
+ - 127.0.0.1
+
# -- external etcd configuration. If etcd.enabled is false, these
configuration will be used.
externalEtcd:
# -- if etcd.enabled is false, use external etcd, support multiple address,
if your etcd cluster enables TLS, please use https scheme, e.g.
https://127.0.0.1:2379.
