This is an automated email from the ASF dual-hosted git repository.

nic-6443 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git


The following commit(s) were added to refs/heads/master by this push:
     new 873c9db  feat(apisix): expose more config options and document all 
values (#989)
873c9db is described below

commit 873c9db60bea54ee2eb258762deb8963e563f3be
Author: Nic <[email protected]>
AuthorDate: Mon Jul 6 17:19:36 2026 +0800

    feat(apisix): expose more config options and document all values (#989)
---
 charts/apisix/Chart.yaml                     |   2 +-
 charts/apisix/README.md                      | 152 +++++++++++++-----
 charts/apisix/templates/configmap.yaml       | 107 +++++++++----
 charts/apisix/templates/hpa.yaml             |   2 +-
 charts/apisix/templates/service-gateway.yaml |  18 +++
 charts/apisix/values.yaml                    | 224 +++++++++++++++++++++++++--
 6 files changed, 414 insertions(+), 91 deletions(-)

diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml
index 915da86..6a93851 100644
--- a/charts/apisix/Chart.yaml
+++ b/charts/apisix/Chart.yaml
@@ -31,7 +31,7 @@ type: application
 # This is the chart version. This version number should be incremented each 
time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.15.0
+version: 2.16.0
 
 # This is the version number of the application being deployed. This version 
number should be
 # incremented each time you make changes to the application. Versions are not 
expected to
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 64dfe2a..7f1ecc6 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -54,6 +54,9 @@ The command removes all the Kubernetes components associated 
with the chart and
 | apisix.admin.externalIPs | list | `[]` | IPs for which nodes in the cluster 
will also accept traffic for the servic |
 | apisix.admin.ingress | object | 
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix-admin.local","paths":["/apisix"]}],"tls":[]}`
 | Using ingress access Apache APISIX admin service |
 | apisix.admin.ingress.annotations | object | `{}` | Ingress annotations |
+| apisix.admin.ingress.enabled | bool | `false` | Enable an Ingress resource 
in front of the Admin API service |
+| apisix.admin.ingress.hosts | list | 
`[{"host":"apisix-admin.local","paths":["/apisix"]}]` | Ingress host and path 
rules |
+| apisix.admin.ingress.tls | list | `[]` | Ingress TLS settings |
 | apisix.admin.ip | string | `"0.0.0.0"` | which ip to listen on for Apache 
APISIX admin API. Set to `"[::]"` when on IPv6 single stack |
 | apisix.admin.port | int | `9180` | which port to use for Apache APISIX admin 
API |
 | apisix.admin.servicePort | int | `9180` | Service port to use for Apache 
APISIX admin API |
@@ -66,40 +69,66 @@ The command removes all the Kubernetes components 
associated with the chart and
 | apisix.customPlugins.plugins[0].configMap | object | 
`{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"}`
 | plugin codes can be saved inside configmap object. |
 | apisix.customPlugins.plugins[0].configMap.mounts | list | 
`[{"key":"the-file-name","path":"mount-path"}]` | since keys in configmap is 
flat, mountPath allows to define the mount path, so that plugin codes can be 
mounted hierarchically. |
 | apisix.customPlugins.plugins[0].configMap.name | string | `"configmap-name"` 
| name of configmap. |
+| apisix.deleteURITailSlash | bool | `false` | Delete the '/' at the end of 
the URI |
 | apisix.deployment.mode | string | `"traditional"` | Apache APISIX deployment 
mode Optional: traditional, decoupled, standalone  ref: 
https://apisix.apache.org/docs/apisix/deployment-modes/ |
 | apisix.deployment.role | string | `"traditional"` | Deployment role 
Optional: traditional, data_plane, control_plane  ref: 
https://apisix.apache.org/docs/apisix/deployment-modes/ |
-| apisix.deployment.role_traditional.config_provider | string | `"etcd"` |  |
+| apisix.deployment.role_traditional.config_provider | string | `"etcd"` | 
Config provider for the traditional role. enum: etcd, yaml |
 | apisix.deployment.standalone | object | `{"config":"routes:\n-\n  uri: /hi\n 
 upstream:\n    nodes:\n      \"127.0.0.1:1980\": 1\n    type: 
roundrobin\n","existingConfigMap":""}` | Standalone rules configuration  ref: 
https://apisix.apache.org/docs/apisix/deployment-modes/#standalone |
 | apisix.deployment.standalone.config | string | `"routes:\n-\n  uri: /hi\n  
upstream:\n    nodes:\n      \"127.0.0.1:1980\": 1\n    type: roundrobin\n"` | 
Rules which are set to the default apisix.yaml configmap. If 
apisix.delpoyment.standalone.existingConfigMap is empty, these are used. |
 | apisix.deployment.standalone.existingConfigMap | string | `""` | Specifies 
the name of the ConfigMap that contains the rule configurations. The 
configuration must be set to the key named `apisix.yaml` in the configmap. |
 | apisix.discovery.enabled | bool | `false` | Enable or disable Apache APISIX 
integration service discovery |
 | apisix.discovery.registry | object | `{}` | Service discovery registry. 
Refer to [configuration under 
discovery](https://github.com/apache/apisix/blob/master/conf/config.yaml.example#L307)
 for example. Also see [example of using external service 
discovery](https://apisix.apache.org/docs/ingress-controller/1.8.0/tutorials/external-service-discovery/).
 |
-| apisix.dns.resolvers[0] | string | `"127.0.0.1"` |  |
-| apisix.dns.resolvers[1] | string | `"172.20.0.10"` |  |
-| apisix.dns.resolvers[2] | string | `"114.114.114.114"` |  |
-| apisix.dns.resolvers[3] | string | `"223.5.5.5"` |  |
-| apisix.dns.resolvers[4] | string | `"1.1.1.1"` |  |
-| apisix.dns.resolvers[5] | string | `"8.8.8.8"` |  |
-| apisix.dns.timeout | int | `5` |  |
-| apisix.dns.validity | int | `30` |  |
-| apisix.enableHTTP2 | bool | `true` |  |
+| apisix.dns.enableResolvSearchOpt | bool | `true` | Honor the `search` option 
in `/etc/resolv.conf` when resolving domain names |
+| apisix.dns.resolvers | list | `[]` | Nameservers used by APISIX to resolve 
upstream domain names. When empty (default), nameservers are read from 
`/etc/resolv.conf`, which is usually what you want inside Kubernetes |
+| apisix.dns.timeout | int | `5` | DNS resolver timeout in seconds |
+| apisix.dns.validity | int | `30` | Override the TTL in seconds of valid DNS 
records |
+| apisix.enableHTTP2 | bool | `true` | Enable HTTP/2 on the HTTP listeners |
 | apisix.enableIPv6 | bool | `true` | Enable nginx IPv6 resolver |
 | apisix.enableServerTokens | bool | `true` | Whether the APISIX version 
number should be shown in Server header |
 | apisix.extPlugin.cmd | list | 
`["/path/to/apisix-plugin-runner/runner","run"]` | the command and its 
arguements to run as a subprocess |
 | apisix.extPlugin.enabled | bool | `false` | Enable External Plugins. See 
[external plugin](https://apisix.apache.org/docs/apisix/next/external-plugin/) |
 | apisix.fullCustomConfig.config | object | `{}` | If 
apisix.fullCustomConfig.enabled is true, full customized config.yaml. Please 
note that other settings about APISIX config will be ignored |
 | apisix.fullCustomConfig.enabled | bool | `false` | Enable full customized 
config.yaml |
+| apisix.graphql.maxSize | int | `1048576` | The maximum size in bytes of 
GraphQL queries APISIX parses when matching routes by GraphQL attributes 
(default 1MiB) |
+| apisix.lru | object | 
`{"secret":{"count":512,"neg_count":512,"neg_ttl":60,"ttl":300}}` | fine tune 
the parameters of LRU cache for some features like secret |
+| apisix.lru.secret.count | int | `512` | Maximum number of cached secret 
values |
+| apisix.lru.secret.neg_count | int | `512` | Maximum number of cached 
negative (failed lookup) results |
+| apisix.lru.secret.neg_ttl | int | `60` | TTL in seconds for cached negative 
(failed lookup) results |
+| apisix.lru.secret.ttl | int | `300` | TTL in seconds for cached secret 
values |
 | apisix.luaModuleHook | object | 
`{"configMapRef":{"mounts":[{"key":"","path":""}],"name":""},"enabled":false,"hookPoint":"","luaPath":""}`
 | Whether to add a custom lua module |
 | apisix.luaModuleHook.configMapRef | object | 
`{"mounts":[{"key":"","path":""}],"name":""}` | configmap that stores the codes 
|
 | apisix.luaModuleHook.configMapRef.mounts[0] | object | 
`{"key":"","path":""}` | Name of the ConfigMap key, for setting the mapping 
relationship between ConfigMap key and the lua module code path. |
 | apisix.luaModuleHook.configMapRef.mounts[0].path | string | `""` | Filepath 
of the plugin code, for setting the mapping relationship between ConfigMap key 
and the lua module code path. |
 | apisix.luaModuleHook.configMapRef.name | string | `""` | Name of the 
ConfigMap where the lua module codes store |
+| apisix.luaModuleHook.enabled | bool | `false` | Enable loading a custom lua 
module hook |
 | apisix.luaModuleHook.hookPoint | string | `""` | the hook module which will 
be used to inject third party code into APISIX use the lua require style like: 
"module.say_hello" |
 | apisix.luaModuleHook.luaPath | string | `""` | extend lua_package_path to 
load third party code |
-| apisix.nginx.configurationSnippet | object | 
`{"httpAdmin":"","httpEnd":"","httpSrv":"","httpStart":"","main":"","stream":""}`
 | Custom configuration snippet. |
+| apisix.nginx.configurationSnippet | object | 
`{"httpAdmin":"","httpEnd":"","httpSrv":"","httpStart":"","main":"","stream":""}`
 | Custom nginx configuration snippets injected into the generated nginx.conf. 
As arbitrary configuration can be added here, it is your responsibility to make 
sure the snippets don't conflict with the configuration generated by APISIX. |
+| apisix.nginx.configurationSnippet.httpAdmin | string | `""` | Snippet added 
to the nginx `server` block that serves the Admin API |
+| apisix.nginx.configurationSnippet.httpEnd | string | `""` | Snippet added to 
the end of the nginx `http` block |
+| apisix.nginx.configurationSnippet.httpSrv | string | `""` | Snippet added to 
the nginx `server` block that proxies regular traffic |
+| apisix.nginx.configurationSnippet.httpStart | string | `""` | Snippet added 
to the beginning of the nginx `http` block |
+| apisix.nginx.configurationSnippet.main | string | `""` | Snippet added to 
the nginx `main` (top-level) block |
+| apisix.nginx.configurationSnippet.stream | string | `""` | Snippet added to 
the nginx `stream` block |
 | apisix.nginx.customLuaSharedDicts | list | `[]` | Add custom 
[lua_shared_dict](https://github.com/openresty/lua-nginx-module?tab=readme-ov-file#lua_shared_dict)
 settings, click 
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L27-L30)
 to learn the format of a shared dict |
-| apisix.nginx.enableCPUAffinity | bool | `true` |  |
-| apisix.nginx.envs | list | `[]` |  |
+| apisix.nginx.enableCPUAffinity | bool | `true` | Bind nginx worker processes 
to CPUs |
+| apisix.nginx.envs | list | `[]` | List of environment variable names allowed 
to be accessed within nginx (rendered as nginx `env` directives) |
+| apisix.nginx.http | object | 
`{"charset":"utf-8","clientBodyTimeout":"60s","clientHeaderTimeout":"60s","clientMaxBodySize":0,"proxySslServerName":true,"realIpFrom":["127.0.0.1","unix:"],"realIpHeader":"X-Real-IP","realIpRecursive":"off","sendTimeout":"10s","underscoresInHeaders":"on","upstream":{"keepalive":320,"keepaliveRequests":1000,"keepaliveTimeout":"60s"},"variablesHashMaxSize":2048}`
 | Nginx HTTP subsystem configurations |
+| apisix.nginx.http.charset | string | `"utf-8"` | The charset added to the 
"Content-Type" response header field, see 
[charset](http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset) |
+| apisix.nginx.http.clientBodyTimeout | string | `"60s"` | timeout for reading 
client request body, then 408 (Request Time-out) error is returned to the 
client |
+| apisix.nginx.http.clientHeaderTimeout | string | `"60s"` | timeout for 
reading client request header, then 408 (Request Time-out) error is returned to 
the client |
+| apisix.nginx.http.clientMaxBodySize | int | `0` | The maximum allowed size 
of the client request body. If exceeded, the 413 (Request Entity Too Large) 
error is returned to the client. Note that unlike Nginx, we don't limit the 
body size by default (0 means no limit). |
+| apisix.nginx.http.proxySslServerName | bool | `true` | Enables or disables 
passing of the server name through TLS Server Name Indication extension (SNI, 
RFC 6066) when establishing a connection with the proxied HTTPS server |
+| apisix.nginx.http.realIpFrom | list | `["127.0.0.1","unix:"]` | Trusted 
addresses from which the real IP header is honored, see 
[set_real_ip_from](http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from)
 |
+| apisix.nginx.http.realIpHeader | string | `"X-Real-IP"` | The request header 
used to determine the client's real IP address, see 
[real_ip_header](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header)
 |
+| apisix.nginx.http.realIpRecursive | string | `"off"` | Whether to search for 
the real IP recursively when the header set in apisix.nginx.http.realIpHeader 
contains multiple addresses, see 
[real_ip_recursive](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive)
 |
+| apisix.nginx.http.sendTimeout | string | `"10s"` | timeout for transmitting 
a response to the client, then the connection is closed |
+| apisix.nginx.http.underscoresInHeaders | string | `"on"` | Enable the use of 
underscores in client request header fields |
+| apisix.nginx.http.upstream | object | 
`{"keepalive":320,"keepaliveRequests":1000,"keepaliveTimeout":"60s"}` | 
Keepalive settings for connections from APISIX to upstream servers |
+| apisix.nginx.http.upstream.keepalive | int | `320` | Maximum number of idle 
keepalive connections to upstream servers that are preserved in the cache of 
each worker process. When this number is exceeded, the least recently used 
connections are closed |
+| apisix.nginx.http.upstream.keepaliveRequests | int | `1000` | Maximum number 
of requests that can be served through one keepalive connection. After the 
maximum number of requests is made, the connection is closed |
+| apisix.nginx.http.upstream.keepaliveTimeout | string | `"60s"` | Timeout 
during which an idle keepalive connection to an upstream server will stay open |
+| apisix.nginx.http.variablesHashMaxSize | int | `2048` | The maximum size of 
the nginx variables hash table |
 | apisix.nginx.keepaliveTimeout | string | `"60s"` | Timeout during which a 
keep-alive client connection will stay open on the server side. |
 | apisix.nginx.logs.accessLog | string | `"/dev/stdout"` | Access log path |
 | apisix.nginx.logs.accessLogFormat | string | `"$remote_addr - $remote_user 
[$time_local] $http_host \\\"$request\\\" $status $body_bytes_sent 
$request_time \\\"$http_referer\\\" \\\"$http_user_agent\\\" $upstream_addr 
$upstream_status $upstream_response_time 
\\\"$upstream_scheme://$upstream_host$upstream_uri\\\""` | Access log format |
@@ -107,31 +136,53 @@ The command removes all the Kubernetes components 
associated with the chart and
 | apisix.nginx.logs.enableAccessLog | bool | `true` | Enable access log or 
not, default true |
 | apisix.nginx.logs.errorLog | string | `"/dev/stderr"` | Error log path |
 | apisix.nginx.logs.errorLogLevel | string | `"warn"` | Error log level |
+| apisix.nginx.logs.stream | object | 
`{"accessLog":"logs/access_stream.log","accessLogFormat":"$remote_addr 
[$time_local] $protocol $status $bytes_sent $bytes_received 
$session_time","accessLogFormatEscape":"default","enableAccessLog":false}` | 
Stream (L4 proxy) access log configuration |
+| apisix.nginx.logs.stream.accessLog | string | `"logs/access_stream.log"` | 
Stream access log path |
+| apisix.nginx.logs.stream.accessLogFormat | string | `"$remote_addr 
[$time_local] $protocol $status $bytes_sent $bytes_received $session_time"` | 
Stream access log format |
+| apisix.nginx.logs.stream.accessLogFormatEscape | string | `"default"` | 
Allows setting json or default characters escaping in variables for stream |
+| apisix.nginx.logs.stream.enableAccessLog | bool | `false` | Enable stream 
access log or not, default false |
 | apisix.nginx.luaSharedDicts | list | `[]` | Override default 
[lua_shared_dict](https://github.com/apache/apisix/blob/master/conf/config.yaml.example#L250-L276)
 settings, click 
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L27-L30)
 to learn the format of a shared dict |
+| apisix.nginx.maxPendingTimers | int | `16384` | Maximum number of pending 
timers. Increase it if you see "too many pending timers" error |
+| apisix.nginx.maxRunningTimers | int | `4096` | Maximum number of running 
timers. Increase it if you see "lua_max_running_timers are not enough" error |
 | apisix.nginx.metaLuaSharedDicts | list | `[]` | Override default meta-level 
[lua_shared_dict](https://github.com/apache/apisix/blob/master/conf/config.yaml.example)
 settings, meta-level shared dicts are shared across both HTTP and stream 
subsystems. Since APISIX 3.16.0, `upstream-healthcheck` is a meta-level shared 
dict. click 
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/values.yaml#L27-L30)
 to learn the format of a shared dict |
-| apisix.nginx.workerConnections | string | `"10620"` |  |
-| apisix.nginx.workerProcesses | string | `"auto"` |  |
-| apisix.nginx.workerRlimitNofile | string | `"20480"` |  |
+| apisix.nginx.workerConnections | string | `"10620"` | The maximum number of 
connections that each worker process can open |
+| apisix.nginx.workerProcesses | string | `"auto"` | The number of nginx 
worker processes. `auto` means the number of CPU cores |
+| apisix.nginx.workerRlimitNofile | string | `"20480"` | The number of files a 
worker process can open, should be larger than apisix.nginx.workerConnections |
+| apisix.nginx.workerShutdownTimeout | string | `"240s"` | Timeout for a 
graceful shutdown of worker processes |
+| apisix.normalizeURILikeServlet | bool | `false` | The URI normalization in 
servlet is a little different from the RFC's. See 
https://github.com/jakartaee/servlet/blob/master/spec/src/main/asciidoc/servlet-spec-body.adoc#352-uri-path-canonicalization,
 which is used under Tomcat. Turn this option on if you want to be compatible 
with servlet when matching URI path. |
 | apisix.pluginAttrs | object | `{}` | Set APISIX plugin attributes. By 
default, APISIX's 
[plugin_attr](https://github.com/apache/apisix/blob/master/apisix/cli/config.lua#L295)
 are automatically used. See [configuration 
example](https://github.com/apache/apisix/blob/master/conf/config.yaml.example#L591).
 |
 | apisix.plugins | list | `[]` | Customize the list of APISIX plugins to 
enable. By default, APISIX's [default 
plugins](https://github.com/apache/apisix/blob/master/apisix/cli/config.lua#L196)
 are automatically used. |
 | apisix.prometheus.containerPort | int | `9091` | container port where the 
metrics are exposed |
-| apisix.prometheus.enabled | bool | `false` |  |
+| apisix.prometheus.enabled | bool | `false` | Enable Prometheus metrics. ref: 
https://apisix.apache.org/docs/apisix/plugins/prometheus/ |
 | apisix.prometheus.metricPrefix | string | `"apisix_"` | prefix of the 
metrics |
 | apisix.prometheus.path | string | `"/apisix/prometheus/metrics"` | path of 
the metrics endpoint |
+| apisix.proxyCache | object | 
`{"cacheTtl":"10s","zones":[{"cache_levels":"1:2","disk_path":"/tmp/disk_cache_one","disk_size":"1G","memory_size":"50m","name":"disk_cache_one"},{"memory_size":"50m","name":"memory_cache"}]}`
 | Proxy caching configuration used by the proxy-cache plugin. |
+| apisix.proxyCache.cacheTtl | string | `"10s"` | The default caching time in 
disk if the upstream does not specify the cache time |
+| apisix.proxyCache.zones | list | 
`[{"cache_levels":"1:2","disk_path":"/tmp/disk_cache_one","disk_size":"1G","memory_size":"50m","name":"disk_cache_one"},{"memory_size":"50m","name":"memory_cache"}]`
 | The parameters of a cache. The `memory_size` field stores the cache index 
for the disk strategy and the cache content for the memory strategy; 
`disk_size`, `disk_path` and `cache_levels` only apply to the disk strategy. |
+| apisix.proxyProtocol | object | 
`{"enableTcpPP":false,"enableTcpPPToUpstream":false,"listenHttpNodePort":null,"listenHttpPort":null,"listenHttpsNodePort":null,"listenHttpsPort":null}`
 | PROXY Protocol configuration. |
+| apisix.proxyProtocol.enableTcpPP | bool | `false` | Accept the PROXY 
Protocol on every service.stream.tcp port. |
+| apisix.proxyProtocol.enableTcpPPToUpstream | bool | `false` | Send the PROXY 
Protocol to the upstream server on every service.stream.tcp port. |
+| apisix.proxyProtocol.listenHttpNodePort | int | `nil` | The nodePort of the 
PROXY Protocol HTTP port, only used if service.type is NodePort. If not set, a 
random port will be assigned by Kubernetes. |
+| apisix.proxyProtocol.listenHttpPort | int | `nil` | The HTTP port that 
accepts the PROXY Protocol. It differs from `service.http` ports and 
`apisix.admin` port: this port only accepts HTTP requests carrying the PROXY 
Protocol, while the other ports only accept plain HTTP requests. If you enable 
the PROXY Protocol, you must use this port to receive HTTP requests with it. 
When set, the port is also exposed on the gateway Service. |
+| apisix.proxyProtocol.listenHttpsNodePort | int | `nil` | The nodePort of the 
PROXY Protocol HTTPS port, only used if service.type is NodePort. If not set, a 
random port will be assigned by Kubernetes. |
+| apisix.proxyProtocol.listenHttpsPort | int | `nil` | The HTTPS port that 
accepts the PROXY Protocol. When set, the port is also exposed on the gateway 
Service. |
 | apisix.router.http | string | `"radixtree_host_uri"` | Defines how apisix 
handles routing: - radixtree_uri: match route by uri(base on radixtree) - 
radixtree_host_uri: match route by host + uri(base on radixtree) - 
radixtree_uri_with_parameter: match route by uri with parameters |
 | apisix.setIDFromPodUID | bool | `false` | Use Pod metadata.uid as the APISIX 
id. |
+| apisix.showUpstreamStatusInResponseHeader | bool | `false` | When true, the 
upstream status is always written to the `X-APISIX-Upstream-Status` response 
header; when false, it is written only for 5xx responses |
 | apisix.ssl.additionalContainerPorts | list | `[]` | Support multiple https 
ports, See 
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
 |
 | apisix.ssl.certCAFilename | string | `""` | Filename be used in the 
apisix.ssl.existingCASecret |
-| apisix.ssl.containerPort | int | `9443` |  |
-| apisix.ssl.enableHTTP3 | bool | `false` |  |
-| apisix.ssl.enabled | bool | `false` |  |
+| apisix.ssl.containerPort | int | `9443` | Container port APISIX listens on 
for HTTPS traffic |
+| apisix.ssl.enableHTTP3 | bool | `false` | Enable HTTP/3 (QUIC) on the HTTPS 
listeners |
+| apisix.ssl.enabled | bool | `false` | Enable HTTPS listeners |
 | apisix.ssl.existingCASecret | string | `""` | Specifies the name of Secret 
contains trusted CA certificates in the PEM format used to verify the 
certificate when APISIX needs to do SSL/TLS handshaking with external services 
(e.g. etcd) |
 | apisix.ssl.fallbackSNI | string | `""` | Define SNI to fallback if none is 
presented by client |
 | apisix.ssl.sslCiphers | string | 
`"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-
 [...]
 | apisix.ssl.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols 
allowed to use. |
-| apisix.status.ip | string | `"0.0.0.0"` |  |
-| apisix.status.port | int | `7085` |  |
+| apisix.ssl.sslSessionTickets | bool | `false` | Enable or disable TLS 
session tickets. Disabled by default because session tickets defeat Perfect 
Forward Secrecy (see https://github.com/mozilla/server-side-tls/issues/135) |
+| apisix.status.ip | string | `"0.0.0.0"` | The IP address on which the status 
endpoint (`/status`, `/status/ready`) listens |
+| apisix.status.port | int | `7085` | The port on which the status endpoint 
listens |
 | apisix.stream_plugins | list | `[]` | Customize the list of APISIX 
stream_plugins to enable. By default, APISIX's [default 
stream_plugins](https://github.com/apache/apisix/blob/master/apisix/cli/config.lua#L294)
 are automatically used. |
+| apisix.tracing | bool | `false` | Enable comprehensive request lifecycle 
tracing (SSL/SNI, rewrite, access, header_filter, body_filter, and log). When 
disabled, OpenTelemetry collects only a single span per request. |
 | apisix.trustedAddresses | list | `["127.0.0.1"]` | When configured, APISIX 
will trust the `X-Forwarded-*` Headers passed in requests from the IP/CIDR in 
the list. |
 | apisix.vault.enabled | bool | `false` | Enable or disable the vault 
integration |
 | apisix.vault.host | string | `""` | The host address where the vault server 
is running. |
@@ -139,24 +190,26 @@ The command removes all the Kubernetes components 
associated with the chart and
 | apisix.vault.timeout | int | `10` | HTTP timeout for each request. |
 | apisix.vault.token | string | `""` | The generated token from vault instance 
that can grant access to read data from the vault. |
 | apisix.wasm.enabled | bool | `false` | Enable Wasm Plugins. See [wasm 
plugin](https://apisix.apache.org/docs/apisix/next/wasm/) |
-| apisix.wasm.plugins | list | `[]` |  |
-| autoscaling.enabled | bool | `false` |  |
-| autoscaling.maxReplicas | int | `100` |  |
-| autoscaling.minReplicas | int | `1` |  |
-| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
-| autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
+| apisix.wasm.plugins | list | `[]` | List of Wasm plugins, each item with 
`name`, `priority` and `file` (path or URL of the wasm binary) |
+| autoscaling.enabled | bool | `false` | Enable HorizontalPodAutoscaler for 
APISIX (only when useDaemonSet is false) |
+| autoscaling.maxReplicas | int | `100` | Maximum number of APISIX replicas |
+| autoscaling.minReplicas | int | `1` | Minimum number of APISIX replicas |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target average CPU 
utilization percentage that triggers scaling |
+| autoscaling.targetMemoryUtilizationPercentage | int | `80` | Target average 
memory utilization percentage that triggers scaling |
 | autoscaling.version | string | `"v2"` | HPA version, the value is "v2" or 
"v2beta1", default "v2" |
 | control.enabled | bool | `true` | Enable Control API |
 | control.ingress | object | 
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix-control.local","paths":["/*"]}],"tls":[]}`
 | Using ingress access Apache APISIX Control service |
 | control.ingress.annotations | object | `{}` | Ingress annotations |
-| control.ingress.hosts | list | 
`[{"host":"apisix-control.local","paths":["/*"]}]` | Ingress Class Name 
className: "nginx" |
+| control.ingress.enabled | bool | `false` | Enable an Ingress resource in 
front of the Control API service |
+| control.ingress.hosts | list | 
`[{"host":"apisix-control.local","paths":["/*"]}]` | Ingress host and path 
rules |
+| control.ingress.tls | list | `[]` | Ingress TLS settings |
 | control.service.annotations | object | `{}` | Control annotations |
 | control.service.externalIPs | list | `[]` | IPs for which nodes in the 
cluster will also accept traffic for the servic |
 | control.service.ip | string | `"127.0.0.1"` | which ip to listen on for 
Apache APISIX Control API |
 | control.service.port | int | `9090` | which port to use for Apache APISIX 
Control API |
 | control.service.servicePort | int | `9090` | Service port to use for Apache 
APISIX Control API |
 | control.service.type | string | `"ClusterIP"` | Control service type |
-| etcd | object | 
`{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"autoCompactionMode":"periodic","autoCompactionRetention":"1h","containerSecurityContext":{"enabled":false},"enabled":true,"image":{"registry":"docker.io","repository":"bitnamilegacy/etcd","tag":"latest"},"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30}`
 | etcd configuration use the FQDN a [...]
+| etcd | object | 
`{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"autoCompactionMode":"periodic","autoCompactionRetention":"1h","containerSecurityContext":{"enabled":false},"enabled":true,"image":{"registry":"docker.io","repository":"bitnamilegacy/etcd","tag":"latest"},"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"startupRetry":2,"timeout":30,"watchTimeout":50}`
  [...]
 | etcd.auth | object | 
`{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}}`
 | if etcd.enabled is true, set more values of bitnamilegacy/etcd helm chart |
 | etcd.auth.rbac.create | bool | `false` | No authentication by default. 
Switch to enable RBAC authentication |
 | etcd.auth.rbac.rootPassword | string | `""` | root password for etcd. 
Requires etcd.auth.rbac.create to be true. |
@@ -166,12 +219,18 @@ The command removes all the Kubernetes components 
associated with the chart and
 | etcd.auth.tls.existingSecret | string | `""` | name of the secret contains 
etcd client cert |
 | etcd.auth.tls.sni | string | `""` | specify the TLS Server Name Indication 
extension, the ETCD endpoint hostname will be used when this setting is unset. |
 | etcd.auth.tls.verify | bool | `true` | whether to verify the etcd endpoint 
certificate when setup a TLS connection to etcd |
+| etcd.autoCompactionMode | string | `"periodic"` | Auto compaction mode 
(periodic or revision), only used when etcd.enabled is true |
+| etcd.autoCompactionRetention | string | `"1h"` | Auto compaction retention 
for mvcc key value store, only used when etcd.enabled is true |
 | etcd.containerSecurityContext | object | `{"enabled":false}` | added for 
backward compatibility with old kubernetes versions, as seccompProfile is not 
supported in kubernetes < 1.19 |
 | etcd.enabled | bool | `true` | install built-in etcd by default, set false 
if do not want to install built-in etcd together, this etcd is based on 
bitnamilegacy/etcd helm chart and latest bitnami docker image, only for 
development and testing purposes, if you want to use etcd in production, we 
recommend you to install etcd by yourself and use `externalEtcd` to connect it. 
|
 | etcd.image | object | 
`{"registry":"docker.io","repository":"bitnamilegacy/etcd","tag":"latest"}` | 
docker image for built-in etcd |
 | etcd.image.tag | string | `"latest"` | `bitnamilegacy/etcd` only provide 
`latest` tag now, ref: https://github.com/bitnami/containers/issues/83267, you 
can switch `etcd.image.repository` to `bitnamilegacy/etcd` to use old versioned 
tags. |
 | etcd.prefix | string | `"/apisix"` | apisix configurations prefix |
+| etcd.replicaCount | int | `3` | Number of etcd replicas, only used when 
etcd.enabled is true |
+| etcd.service.port | int | `2379` | etcd client service port |
+| etcd.startupRetry | int | `2` | The number of retries to etcd during startup 
|
 | etcd.timeout | int | `30` | Set the timeout value in seconds for subsequent 
socket operations from apisix to etcd cluster |
+| etcd.watchTimeout | int | `50` | Set the timeout value in seconds for 
watching etcd |
 | externalEtcd | object | 
`{"existingSecret":"","host":["http://etcd.host:2379"],"password":"","secretPasswordKey":"etcd-root-password","user":"root"}`
 | external etcd configuration. If etcd.enabled is false, these configuration 
will be used. |
 | externalEtcd.existingSecret | string | `""` | if externalEtcd.existingSecret 
is the name of secret containing the external etcd password |
 | externalEtcd.host | list | `["http://etcd.host:2379"]` | if etcd.enabled is 
false, use external etcd, support multiple address, if your etcd cluster 
enables TLS, please use https scheme, e.g. https://127.0.0.1:2379. |
@@ -182,18 +241,22 @@ The command removes all the Kubernetes components 
associated with the chart and
 | extraDeploy | list | `[]` | Additional Kubernetes resources to deploy with 
the release. |
 | extraEnvVars | list | `[]` | extraEnvVars An array to add extra env vars 
e.g: extraEnvVars:   - name: FOO     value: "bar"   - name: FOO2     valueFrom: 
      secretKeyRef:         name: SECRET_NAME         key: KEY |
 | extraInitContainers | list | `[]` | Additional `initContainers`, See 
[Kubernetes 
initContainers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
 for the detail. |
-| extraVolumeMounts | list | `[]` | Additional `volume`, See [Kubernetes 
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail. |
+| extraVolumeMounts | list | `[]` | Additional `volumeMounts` for the APISIX 
container, See [Kubernetes 
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail. |
 | extraVolumes | list | `[]` | Additional `volume`, See [Kubernetes 
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail. |
-| fullnameOverride | string | `""` |  |
+| fullnameOverride | string | `""` | String to fully override the chart 
fullname |
 | global.imagePullSecrets | list | `[]` | Global Docker registry secret names 
as an array |
-| hostNetwork | bool | `false` |  |
+| hostNetwork | bool | `false` | Use the host's network namespace |
 | image.pullPolicy | string | `"IfNotPresent"` | Apache APISIX image pull 
policy |
 | image.repository | string | `"apache/apisix"` | Apache APISIX image 
repository |
 | image.tag | string | `"3.17.0-ubuntu"` | Apache APISIX image tag Overrides 
the image tag whose default is the chart appVersion. |
 | ingress | object | 
`{"annotations":{},"enabled":false,"hosts":[{"host":"apisix.local","paths":[]}],"servicePort":null,"tls":[]}`
 | Using ingress access Apache APISIX service |
 | ingress-controller | object | 
`{"enabled":false,"webhook":{"enabled":false}}` | Ingress controller 
configuration |
+| ingress-controller.enabled | bool | `false` | Enable the 
apisix-ingress-controller sub-chart |
 | ingress.annotations | object | `{}` | Ingress annotations |
+| ingress.enabled | bool | `false` | Enable an Ingress resource in front of 
the APISIX service |
+| ingress.hosts | list | `[{"host":"apisix.local","paths":[]}]` | Ingress host 
and path rules |
 | ingress.servicePort | number | `nil` | Service port to send traffic. 
Defaults to `service.http.servicePort`. |
+| ingress.tls | list | `[]` | Ingress TLS settings |
 | initContainer.image | string | `"busybox"` | Init container image |
 | initContainer.tag | float | `1.28` | Init container tag |
 | metrics | object | 
`{"serviceMonitor":{"annotations":{},"enabled":false,"interval":"15s","labels":{},"name":"","namespace":""}}`
 | Observability configuration. |
@@ -203,7 +266,7 @@ The command removes all the Kubernetes components 
associated with the chart and
 | metrics.serviceMonitor.labels | object | `{}` | @param serviceMonitor.labels 
ServiceMonitor extra labels |
 | metrics.serviceMonitor.name | string | `""` | name of the serviceMonitor, by 
default, it is the same as the apisix fullname |
 | metrics.serviceMonitor.namespace | string | `""` | namespace where the 
serviceMonitor is deployed, by default, it is the same as the namespace of the 
apisix |
-| nameOverride | string | `""` |  |
+| nameOverride | string | `""` | String to partially override the chart 
fullname |
 | nodeSelector | object | `{}` | Node labels for Apache APISIX pod assignment |
 | podAnnotations | object | `{}` | Annotations to add to each pod |
 | podDisruptionBudget | object | 
`{"enabled":false,"maxUnavailable":1,"minAvailable":"90%"}` | See 
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more 
details |
@@ -212,23 +275,30 @@ The command removes all the Kubernetes components 
associated with the chart and
 | podDisruptionBudget.minAvailable | string | `"90%"` | Set the `minAvailable` 
of podDisruptionBudget. You can specify only one of `maxUnavailable` and 
`minAvailable` in a single PodDisruptionBudget. See [Specifying a Disruption 
Budget for your 
Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget)
 for more details |
 | podSecurityContext | object | `{}` | Set the securityContext for Apache 
APISIX pods |
 | priorityClassName | string | `""` | Set 
[priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)
 for Apache APISIX pods |
-| rbac.create | bool | `false` |  |
+| rbac.create | bool | `false` | Whether RBAC resources (ClusterRole and 
ClusterRoleBinding) should be created |
 | replicaCount | int | `1` | if useDaemonSet is true or autoscaling.enabled is 
true, replicaCount not become effective |
 | resources | object | `{}` | Set pod resource requests & limits |
 | securityContext | object | `{}` | Set the securityContext for Apache APISIX 
container |
-| service.externalIPs | list | `[]` |  |
-| service.externalTrafficPolicy | string | `"Cluster"` |  |
+| service.externalIPs | list | `[]` | IPs for which nodes in the cluster will 
also accept traffic for the service |
+| service.externalTrafficPolicy | string | `"Cluster"` | Setting how the 
Service route external traffic. If you want to keep the client source IP, you 
can set this to Local, ref: 
https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
 |
 | service.http | object | 
`{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"servicePort":80}`
 | Apache APISIX service settings for http |
 | service.http.additionalContainerPorts | list | `[]` | Support multiple http 
ports, See 
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
 |
+| service.http.containerPort | int | `9080` | Container port APISIX listens on 
for HTTP traffic |
+| service.http.enabled | bool | `true` | Enable plain HTTP listeners |
+| service.http.servicePort | int | `80` | Kubernetes service port for HTTP 
traffic |
 | service.labelsOverride | object | `{}` | Override default labels assigned to 
Apache APISIX gateway resources |
 | service.stream | object | `{"enabled":false,"tcp":[],"udp":[]}` | Apache 
APISIX service settings for stream. L4 proxy (TCP/UDP) |
+| service.stream.enabled | bool | `false` | Enable the stream (L4 proxy) 
subsystem |
+| service.stream.tcp | list | `[]` | TCP proxy port list, element format: port 
number, or a map with `addr` and optional `tls` |
+| service.stream.udp | list | `[]` | UDP proxy port list |
 | service.tls | object | `{"servicePort":443}` | Apache APISIX service 
settings for tls |
+| service.tls.servicePort | int | `443` | Kubernetes service port for HTTPS 
traffic |
 | service.type | string | `"NodePort"` | Apache APISIX service type for user 
access itself |
-| serviceAccount.annotations | object | `{}` |  |
-| serviceAccount.create | bool | `false` |  |
-| serviceAccount.name | string | `""` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the 
ServiceAccount |
+| serviceAccount.create | bool | `false` | Whether a ServiceAccount should be 
created for the APISIX pods |
+| serviceAccount.name | string | `""` | Name of the ServiceAccount to use. If 
not set and create is true, a name is generated from the chart fullname |
 | timezone | string | `""` | timezone is the timezone where apisix uses. For 
example: "UTC" or "Asia/Shanghai" This value will be set on apisix container's 
environment variable TZ. You may need to set the timezone to be consistent with 
your local time zone, otherwise the apisix's logs may used to retrieve event 
maybe in wrong timezone. |
 | tolerations | list | `[]` | List of node taints to tolerate |
 | topologySpreadConstraints | list | `[]` | Topology Spread Constraints for 
pod assignment spread across your cluster among failure-domains ref: 
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
 |
-| updateStrategy | object | `{}` |  |
+| updateStrategy | object | `{}` | Update strategy of the workload (Deployment 
or DaemonSet), e.g. `type: RollingUpdate` |
 | useDaemonSet | bool | `false` | set false to use `Deployment`, set true to 
use `DaemonSet` |
diff --git a/charts/apisix/templates/configmap.yaml 
b/charts/apisix/templates/configmap.yaml
index 6189527..8739d72 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -75,30 +75,42 @@ data:
       enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver
       enable_http2: {{ .Values.apisix.enableHTTP2 }}
       enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether 
the APISIX version number should be shown in Server header
+      show_upstream_status_in_response_header: {{ 
.Values.apisix.showUpstreamStatusInResponseHeader }} # when true, all upstream 
statuses are written to `X-APISIX-Upstream-Status`; otherwise only 5xx codes
 
-      # proxy_protocol:                   # Proxy Protocol configuration
-      #   listen_http_port: 9181          # The port with proxy protocol for 
http, it differs from node_listen and admin_listen.
-      #                                   # This port can only receive http 
request with proxy protocol, but node_listen & admin_listen
-      #                                   # can only receive http request. If 
you enable proxy protocol, you must use this port to
-      #                                   # receive http request with proxy 
protocol
-      #   listen_https_port: 9182         # The port with proxy protocol for 
https
-      #   enable_tcp_pp: true             # Enable the proxy protocol for tcp 
proxy, it works for stream_proxy.tcp option
-      #   enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the 
upstream server
+      {{- if or .Values.apisix.proxyProtocol.enableTcpPP 
.Values.apisix.proxyProtocol.enableTcpPPToUpstream 
.Values.apisix.proxyProtocol.listenHttpPort 
.Values.apisix.proxyProtocol.listenHttpsPort }}
+      proxy_protocol:
+        {{- if .Values.apisix.proxyProtocol.listenHttpPort }}
+        listen_http_port: {{ .Values.apisix.proxyProtocol.listenHttpPort }}
+        {{- end }}
+        {{- if .Values.apisix.proxyProtocol.listenHttpsPort }}
+        listen_https_port: {{ .Values.apisix.proxyProtocol.listenHttpsPort }}
+        {{- end }}
+        enable_tcp_pp: {{ .Values.apisix.proxyProtocol.enableTcpPP }}
+        enable_tcp_pp_to_upstream: {{ 
.Values.apisix.proxyProtocol.enableTcpPPToUpstream }}
+      {{- end }}
 
       proxy_cache:                         # Proxy Caching configuration
-        cache_ttl: 10s                     # The default caching time if the 
upstream does not specify the cache time
+        cache_ttl: {{ .Values.apisix.proxyCache.cacheTtl }} # The default 
caching time if the upstream does not specify the cache time
         zones:                             # The parameters of a cache
-        - name: disk_cache_one             # The name of the cache, 
administrator can be specify
-                                           # which cache to use by name in the 
admin api
-          memory_size: 50m                 # The size of shared memory, it's 
used to store the cache index
-          disk_size: 1G                    # The size of disk, it's used to 
store the cache data
-          disk_path: "/tmp/disk_cache_one" # The path to store the cache data
-          cache_levels: "1:2"              # The hierarchy levels of a cache
-      #  - name: disk_cache_two
-      #    memory_size: 50m
-      #    disk_size: 1G
-      #    disk_path: "/tmp/disk_cache_two"
-      #    cache_levels: "1:2"
+          {{- toYaml .Values.apisix.proxyCache.zones | nindent 10 }}
+
+      delete_uri_tail_slash: {{ .Values.apisix.deleteURITailSlash }}    # 
delete the '/' at the end of the URI
+      # The URI normalization in servlet is a little different from the RFC's.
+      # See 
https://github.com/jakartaee/servlet/blob/master/spec/src/main/asciidoc/servlet-spec-body.adoc#352-uri-path-canonicalization,
+      # which is used under Tomcat.
+      # Turn this option on if you want to be compatible with servlet when 
matching URI path.
+      normalize_uri_like_servlet: {{ .Values.apisix.normalizeURILikeServlet }}
+
+      # fine tune the parameters of LRU cache for some features like secret
+      lru:
+        secret:
+          ttl: {{ .Values.apisix.lru.secret.ttl }} # seconds
+          count: {{ .Values.apisix.lru.secret.count }}
+          neg_ttl: {{ .Values.apisix.lru.secret.neg_ttl }}
+          neg_count: {{ .Values.apisix.lru.secret.neg_count }}
+
+      tracing: {{ .Values.apisix.tracing }}    # Enable comprehensive request 
lifecycle tracing (SSL/SNI, rewrite, access, header_filter, body_filter, and 
log).
+                                               # When disabled, OpenTelemetry 
collects only a single span per request.
 
       router:
         http: {{ .Values.apisix.router.http }}  # radixtree_uri: match route 
by uri(base on radixtree)
@@ -147,12 +159,15 @@ data:
           {{- end }}
         {{- end }}
       {{- end }}
-      # dns_resolver:
-      #   {{- range $resolver := .Values.apisix.dns.resolvers }}
-      #   - {{ $resolver }}
-      #   {{- end }}
+      {{- with .Values.apisix.dns.resolvers }}
+      dns_resolver:    # If not set, read from `/etc/resolv.conf`
+        {{- range $resolver := . }}
+        - {{ $resolver }}
+        {{- end }}
+      {{- end }}
       dns_resolver_valid: {{.Values.apisix.dns.validity}}
       resolver_timeout: {{.Values.apisix.dns.timeout}}
+      enable_resolv_search_opt: {{ .Values.apisix.dns.enableResolvSearchOpt }}
       ssl:
         enable: {{ .Values.apisix.ssl.enabled }}
         listen:
@@ -163,6 +178,7 @@ data:
           {{- end }}
         ssl_protocols: {{ .Values.apisix.ssl.sslProtocols | quote }}
         ssl_ciphers: {{ .Values.apisix.ssl.sslCiphers | quote }}
+        ssl_session_tickets: {{ .Values.apisix.ssl.sslSessionTickets }}
         {{- if and .Values.apisix.ssl.enabled 
.Values.apisix.ssl.existingCASecret }}
         ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ 
.Values.apisix.ssl.certCAFilename }}"
         {{- end }}
@@ -187,6 +203,9 @@ data:
       worker_processes: "{{ .Values.apisix.nginx.workerProcesses }}"
       enable_cpu_affinity: {{ and true .Values.apisix.nginx.enableCPUAffinity 
}}
       worker_rlimit_nofile: {{ default "20480" 
.Values.apisix.nginx.workerRlimitNofile }}  # the number of files a worker 
process can open, should be larger than worker_connections
+      worker_shutdown_timeout: "{{ default "240s" 
.Values.apisix.nginx.workerShutdownTimeout }}"   # timeout for a graceful 
shutdown of worker processes
+      max_pending_timers: {{ default "16384" 
.Values.apisix.nginx.maxPendingTimers }}   # increase it if you see "too many 
pending timers" error
+      max_running_timers: {{ default "4096" 
.Values.apisix.nginx.maxRunningTimers }}    # increase it if you see 
"lua_max_running_timers are not enough" error
       event:
         worker_connections: {{ default "10620" 
.Values.apisix.nginx.workerConnections  }}
       {{- with .Values.apisix.nginx.envs }}
@@ -202,6 +221,13 @@ data:
           {{ $dict.name }}: {{ $dict.size }}
         {{- end }}
       {{- end }}
+      stream:
+        enable_access_log: {{ .Values.apisix.nginx.logs.stream.enableAccessLog 
}}
+        {{- if .Values.apisix.nginx.logs.stream.enableAccessLog }}
+        access_log: "{{ .Values.apisix.nginx.logs.stream.accessLog }}"
+        access_log_format: '{{ 
.Values.apisix.nginx.logs.stream.accessLogFormat }}'
+        access_log_format_escape: {{ 
.Values.apisix.nginx.logs.stream.accessLogFormatEscape }}
+        {{- end }}
       http:
         enable_access_log: {{ .Values.apisix.nginx.logs.enableAccessLog }}
         {{- if .Values.apisix.nginx.logs.enableAccessLog }}
@@ -210,14 +236,26 @@ data:
         access_log_format_escape: {{ 
.Values.apisix.nginx.logs.accessLogFormatEscape }}
         {{- end }}
         keepalive_timeout: {{ .Values.apisix.nginx.keepaliveTimeout | quote }}
-        client_header_timeout: 60s     # timeout for reading client request 
header, then 408 (Request Time-out) error is returned to the client
-        client_body_timeout: 60s       # timeout for reading client request 
body, then 408 (Request Time-out) error is returned to the client
-        send_timeout: 10s              # timeout for transmitting a response 
to the client.then the connection is closed
-        underscores_in_headers: "on"   # default enables the use of 
underscores in client request header fields
-        real_ip_header: "X-Real-IP"    # 
http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
+        client_header_timeout: {{ 
.Values.apisix.nginx.http.clientHeaderTimeout }}     # timeout for reading 
client request header, then 408 (Request Time-out) error is returned to the 
client
+        client_body_timeout: {{ .Values.apisix.nginx.http.clientBodyTimeout }} 
      # timeout for reading client request body, then 408 (Request Time-out) 
error is returned to the client
+        send_timeout: {{ .Values.apisix.nginx.http.sendTimeout }}              
# timeout for transmitting a response to the client.then the connection is 
closed
+        client_max_body_size: {{ .Values.apisix.nginx.http.clientMaxBodySize 
}}   # The maximum allowed size of the client request body.
+                                       # If exceeded, the 413 (Request Entity 
Too Large) error is returned to the client.
+                                       # Note that unlike Nginx, we don't 
limit the body size by default.
+        underscores_in_headers: {{ 
.Values.apisix.nginx.http.underscoresInHeaders | quote }}   # default enables 
the use of underscores in client request header fields
+        real_ip_header: {{ .Values.apisix.nginx.http.realIpHeader | quote }}   
 # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
+        real_ip_recursive: {{ .Values.apisix.nginx.http.realIpRecursive | 
quote }}    # 
http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
         real_ip_from:                  # 
http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
-          - 127.0.0.1
-          - 'unix:'
+          {{- range $ip := .Values.apisix.nginx.http.realIpFrom }}
+          - {{ $ip | quote }}
+          {{- end }}
+        proxy_ssl_server_name: {{ .Values.apisix.nginx.http.proxySslServerName 
}}  # send the server name (SNI) when establishing a TLS connection with the 
proxied HTTPS upstream
+        upstream:
+          keepalive: {{ .Values.apisix.nginx.http.upstream.keepalive }}        
             # The maximum number of idle keepalive connections to upstream 
servers per worker process
+          keepalive_requests: {{ 
.Values.apisix.nginx.http.upstream.keepaliveRequests }}    # The maximum number 
of requests that can be served through one keepalive connection
+          keepalive_timeout: {{ 
.Values.apisix.nginx.http.upstream.keepaliveTimeout }}      # Timeout during 
which an idle keepalive connection to an upstream server will stay open
+        charset: {{ .Values.apisix.nginx.http.charset }}    # Adds the 
specified charset to the "Content-Type" response header field
+        variables_hash_max_size: {{ 
.Values.apisix.nginx.http.variablesHashMaxSize }}    # Sets the maximum size of 
the variables hash table
         {{- if .Values.apisix.nginx.customLuaSharedDicts }}
         custom_lua_shared_dict:        # add custom shared cache to nginx.conf
         {{- range $dict := .Values.apisix.nginx.customLuaSharedDicts }}
@@ -249,6 +287,9 @@ data:
       stream_configuration_snippet: {{- toYaml 
.Values.apisix.nginx.configurationSnippet.stream | indent 6 }}
       {{- end }}
 
+    graphql:
+      max_size: {{ int .Values.apisix.graphql.maxSize }}    # the maximum size 
limitation of graphql in bytes
+
     {{- if .Values.apisix.discovery.enabled }}
     discovery:
       {{- range $key, $value := .Values.apisix.discovery.registry }}
@@ -390,7 +431,9 @@ data:
           {{- end}}
       {{- end }}
         prefix: {{ .Values.etcd.prefix | quote }}    # configuration prefix in 
etcd
-        timeout: {{ .Values.etcd.timeout }}    # 30 seconds
+        timeout: {{ .Values.etcd.timeout }}    # The timeout in seconds when 
connect/read/write to etcd
+        watch_timeout: {{ .Values.etcd.watchTimeout }}    # The timeout in 
seconds when watch etcd
+        startup_retry: {{ .Values.etcd.startupRetry }}    # the number of 
retry to etcd during the startup
         {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.user }}
         user: {{ .Values.externalEtcd.user | quote }}
         password: "{{ print "${{ APISIX_ETCD_PASSWORD }}" }}"
diff --git a/charts/apisix/templates/hpa.yaml b/charts/apisix/templates/hpa.yaml
index db3acc5..feb4095 100644
--- a/charts/apisix/templates/hpa.yaml
+++ b/charts/apisix/templates/hpa.yaml
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{- if .Values.autoscaling.enabled }}
+{{- if and .Values.autoscaling.enabled (not .Values.useDaemonSet) }}
 
 apiVersion: autoscaling/{{ .Values.autoscaling.version }}
 kind: HorizontalPodAutoscaler
diff --git a/charts/apisix/templates/service-gateway.yaml 
b/charts/apisix/templates/service-gateway.yaml
index 7797435..71b6e6a 100644
--- a/charts/apisix/templates/service-gateway.yaml
+++ b/charts/apisix/templates/service-gateway.yaml
@@ -76,6 +76,24 @@ spec:
     port: {{ .port }}
     targetPort: {{ .port }}
   {{- end }}
+  {{- if .Values.apisix.proxyProtocol.listenHttpPort }}
+  - name: apisix-gateway-pp
+    port: {{ .Values.apisix.proxyProtocol.listenHttpPort }}
+    targetPort: {{ .Values.apisix.proxyProtocol.listenHttpPort }}
+    {{- if (and (eq .Values.service.type "NodePort") (not (empty 
.Values.apisix.proxyProtocol.listenHttpNodePort))) }}
+    nodePort: {{ .Values.apisix.proxyProtocol.listenHttpNodePort }}
+    {{- end }}
+    protocol: TCP
+  {{- end }}
+  {{- if .Values.apisix.proxyProtocol.listenHttpsPort }}
+  - name: apisix-gateway-pp-tls
+    port: {{ .Values.apisix.proxyProtocol.listenHttpsPort }}
+    targetPort: {{ .Values.apisix.proxyProtocol.listenHttpsPort }}
+    {{- if (and (eq .Values.service.type "NodePort") (not (empty 
.Values.apisix.proxyProtocol.listenHttpsNodePort))) }}
+    nodePort: {{ .Values.apisix.proxyProtocol.listenHttpsNodePort }}
+    {{- end }}
+    protocol: TCP
+  {{- end }}
   {{- if and .Values.service.stream.enabled (or (gt (len 
.Values.service.stream.tcp) 0) (gt (len .Values.service.stream.udp) 0)) }}
   {{- with .Values.service.stream }}
   {{- if (gt (len .tcp) 0) }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index f1dc02b..41a4cd8 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -65,8 +65,6 @@ podDisruptionBudget:
 
 # -- Set pod resource requests & limits
 resources: {}
-  # -- Use the host's network namespace
-
   # We usually recommend not to specify default resources and to leave this as 
a conscious
   # choice for the user. This also increases chances charts run on 
environments with little
   # resources, such as Minikube. If you do want to specify resources, 
uncomment the following
@@ -77,6 +75,8 @@ resources: {}
   # requests:
   #   cpu: 100m
   #   memory: 128Mi
+
+# -- Use the host's network namespace
 hostNetwork: false
 
 # -- Node labels for Apache APISIX pod assignment
@@ -108,6 +108,7 @@ timezone: ""
 #         key: KEY
 extraEnvVars: []
 
+# -- Update strategy of the workload (Deployment or DaemonSet), e.g. `type: 
RollingUpdate`
 updateStrategy: {}
   # type: RollingUpdate
 
@@ -119,7 +120,7 @@ extraVolumes: []
 # - name: extras
 #   emptyDir: {}
 
-# -- Additional `volume`, See [Kubernetes 
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail.
+# -- Additional `volumeMounts` for the APISIX container, See [Kubernetes 
Volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the detail.
 extraVolumeMounts: []
 # - name: extras
 #   mountPath: /usr/share/extras
@@ -141,41 +142,55 @@ initContainer:
   tag: 1.28
 
 autoscaling:
+  # -- Enable HorizontalPodAutoscaler for APISIX (only when useDaemonSet is 
false)
   enabled: false
   # -- HPA version, the value is "v2" or "v2beta1", default "v2"
   version: v2
+  # -- Minimum number of APISIX replicas
   minReplicas: 1
+  # -- Maximum number of APISIX replicas
   maxReplicas: 100
+  # -- Target average CPU utilization percentage that triggers scaling
   targetCPUUtilizationPercentage: 80
+  # -- Target average memory utilization percentage that triggers scaling
   targetMemoryUtilizationPercentage: 80
 
+# -- String to partially override the chart fullname
 nameOverride: ""
+# -- String to fully override the chart fullname
 fullnameOverride: ""
 
 serviceAccount:
+  # -- Whether a ServiceAccount should be created for the APISIX pods
   create: false
+  # -- Annotations to add to the ServiceAccount
   annotations: {}
+  # -- Name of the ServiceAccount to use. If not set and create is true, a 
name is generated from the chart fullname
   name: ""
 
 rbac:
+  # -- Whether RBAC resources (ClusterRole and ClusterRoleBinding) should be 
created
   create: false
 
 service:
   # -- Apache APISIX service type for user access itself
   type: NodePort
-  # -- Setting how the Service route external traffic
-  # If you want to keep the client source IP, you can set this to Local.
-
+  # -- Setting how the Service route external traffic.
+  # If you want to keep the client source IP, you can set this to Local,
   # ref: 
https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
   externalTrafficPolicy: Cluster
   # type: LoadBalancer
   # annotations:
   #   service.beta.kubernetes.io/aws-load-balancer-type: nlb
+  # -- IPs for which nodes in the cluster will also accept traffic for the 
service
   externalIPs: []
   # -- Apache APISIX service settings for http
   http:
+    # -- Enable plain HTTP listeners
     enabled: true
+    # -- Kubernetes service port for HTTP traffic
     servicePort: 80
+    # -- Container port APISIX listens on for HTTP traffic
     containerPort: 9080
     # -- Support multiple http ports, See 
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
     additionalContainerPorts: []
@@ -186,13 +201,17 @@ service:
       #   enable_http2: true
   # -- Apache APISIX service settings for tls
   tls:
+    # -- Kubernetes service port for HTTPS traffic
     servicePort: 443
     # nodePort: 4443
 
   # -- Apache APISIX service settings for stream. L4 proxy (TCP/UDP)
   stream:
+    # -- Enable the stream (L4 proxy) subsystem
     enabled: false
+    # -- TCP proxy port list, element format: port number, or a map with 
`addr` and optional `tls`
     tcp: []
+    # -- UDP proxy port list
     udp: []
   #  - secretName: apisix-tls
   #    hosts:
@@ -205,6 +224,7 @@ service:
 
 # -- Using ingress access Apache APISIX service
 ingress:
+  # -- Enable an Ingress resource in front of the APISIX service
   enabled: false
   # -- (number) Service port to send traffic. Defaults to 
`service.http.servicePort`.
   servicePort:
@@ -212,9 +232,11 @@ ingress:
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
+  # -- Ingress host and path rules
   hosts:
     - host: apisix.local
       paths: []
+  # -- Ingress TLS settings
   tls: []
 
 control:
@@ -242,6 +264,7 @@ control:
     servicePort: 9090
   # -- Using ingress access Apache APISIX Control service
   ingress:
+    # -- Enable an Ingress resource in front of the Control API service
     enabled: false
     # -- Ingress annotations
     annotations:
@@ -250,10 +273,12 @@ control:
       # kubernetes.io/tls-acme: "true"
     # -- Ingress Class Name
     # className: "nginx"
+    # -- Ingress host and path rules
     hosts:
       - host: apisix-control.local
         paths:
           - "/*"
+    # -- Ingress TLS settings
     tls: []
   #  - secretName: apisix-tls
   #    hosts:
@@ -278,16 +303,87 @@ metrics:
 apisix:
   # -- Enable nginx IPv6 resolver
   enableIPv6: true
+  # -- Enable HTTP/2 on the HTTP listeners
   enableHTTP2: true
 
   # -- Whether the APISIX version number should be shown in Server header
   enableServerTokens: true
 
+  # -- When true, the upstream status is always written to the 
`X-APISIX-Upstream-Status` response header; when false, it is written only for 
5xx responses
+  showUpstreamStatusInResponseHeader: false
+
+  # -- PROXY Protocol configuration.
+  proxyProtocol:
+    # -- (int) The HTTP port that accepts the PROXY Protocol. It differs from 
`service.http` ports and `apisix.admin` port:
+    # this port only accepts HTTP requests carrying the PROXY Protocol, while 
the other ports only accept plain HTTP
+    # requests. If you enable the PROXY Protocol, you must use this port to 
receive HTTP requests with it.
+    # When set, the port is also exposed on the gateway Service.
+    listenHttpPort:
+    # -- (int) The nodePort of the PROXY Protocol HTTP port, only used if 
service.type is NodePort.
+    # If not set, a random port will be assigned by Kubernetes.
+    listenHttpNodePort:
+    # -- (int) The HTTPS port that accepts the PROXY Protocol.
+    # When set, the port is also exposed on the gateway Service.
+    listenHttpsPort:
+    # -- (int) The nodePort of the PROXY Protocol HTTPS port, only used if 
service.type is NodePort.
+    # If not set, a random port will be assigned by Kubernetes.
+    listenHttpsNodePort:
+    # -- Accept the PROXY Protocol on every service.stream.tcp port.
+    enableTcpPP: false
+    # -- Send the PROXY Protocol to the upstream server on every 
service.stream.tcp port.
+    enableTcpPPToUpstream: false
+
+  # -- Proxy caching configuration used by the proxy-cache plugin.
+  proxyCache:
+    # -- The default caching time in disk if the upstream does not specify the 
cache time
+    cacheTtl: 10s
+    # -- The parameters of a cache. The `memory_size` field stores the cache 
index for the
+    # disk strategy and the cache content for the memory strategy; 
`disk_size`, `disk_path`
+    # and `cache_levels` only apply to the disk strategy.
+    zones:
+      - name: disk_cache_one
+        memory_size: 50m
+        disk_size: 1G
+        disk_path: "/tmp/disk_cache_one"
+        cache_levels: "1:2"
+      - name: memory_cache
+        memory_size: 50m
+
+  graphql:
+    # -- The maximum size in bytes of GraphQL queries APISIX parses when 
matching routes by GraphQL attributes (default 1MiB)
+    maxSize: 1048576
+
+  # -- Delete the '/' at the end of the URI
+  deleteURITailSlash: false
+
+  # -- The URI normalization in servlet is a little different from the RFC's.
+  # See 
https://github.com/jakartaee/servlet/blob/master/spec/src/main/asciidoc/servlet-spec-body.adoc#352-uri-path-canonicalization,
+  # which is used under Tomcat.
+  # Turn this option on if you want to be compatible with servlet when 
matching URI path.
+  normalizeURILikeServlet: false
+
+  # -- fine tune the parameters of LRU cache for some features like secret
+  lru:
+    secret:
+      # -- TTL in seconds for cached secret values
+      ttl: 300
+      # -- Maximum number of cached secret values
+      count: 512
+      # -- TTL in seconds for cached negative (failed lookup) results
+      neg_ttl: 60
+      # -- Maximum number of cached negative (failed lookup) results
+      neg_count: 512
+
+  # -- Enable comprehensive request lifecycle tracing (SSL/SNI, rewrite, 
access, header_filter, body_filter, and log).
+  # When disabled, OpenTelemetry collects only a single span per request.
+  tracing: false
+
   # -- Use Pod metadata.uid as the APISIX id.
   setIDFromPodUID: false
 
   # -- Whether to add a custom lua module
   luaModuleHook:
+    # -- Enable loading a custom lua module hook
     enabled: false
     # -- extend lua_package_path to load third party code
     luaPath: ""
@@ -306,7 +402,9 @@ apisix:
           path: ""
 
   ssl:
+    # -- Enable HTTPS listeners
     enabled: false
+    # -- Container port APISIX listens on for HTTPS traffic
     containerPort: 9443
     # -- Support multiple https ports, See 
[Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
     additionalContainerPorts: []
@@ -317,11 +415,15 @@ apisix:
     existingCASecret: ""
     # -- Filename be used in the apisix.ssl.existingCASecret
     certCAFilename: ""
+    # -- Enable HTTP/3 (QUIC) on the HTTPS listeners
     enableHTTP3: false
     # -- TLS protocols allowed to use.
     sslProtocols: "TLSv1.2 TLSv1.3"
     # -- TLS ciphers allowed to use.
     sslCiphers: 
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES25
 [...]
+    # -- Enable or disable TLS session tickets. Disabled by default because 
session tickets
+    # defeat Perfect Forward Secrecy (see 
https://github.com/mozilla/server-side-tls/issues/135)
+    sslSessionTickets: false
     # -- Define SNI to fallback if none is presented by client
     fallbackSNI: ""
 
@@ -352,7 +454,7 @@ apisix:
     # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
     role: "traditional"
     role_traditional:
-      # enum: etcd, yaml
+      # -- Config provider for the traditional role. enum: etcd, yaml
       config_provider: "etcd"
 
     # -- Standalone rules configuration
@@ -414,29 +516,86 @@ apisix:
         - 127.0.0.1/24
     # -- Using ingress access Apache APISIX admin service
     ingress:
+      # -- Enable an Ingress resource in front of the Admin API service
       enabled: false
       # -- Ingress annotations
       annotations:
         {}
         # kubernetes.io/ingress.class: nginx
         # kubernetes.io/tls-acme: "true"
+      # -- Ingress host and path rules
       hosts:
         - host: apisix-admin.local
           paths:
             - "/apisix"
+      # -- Ingress TLS settings
       tls: []
     #  - secretName: apisix-tls
     #    hosts:
     #      - chart-example.local
 
   nginx:
+    # -- The number of files a worker process can open, should be larger than 
apisix.nginx.workerConnections
     workerRlimitNofile: "20480"
+    # -- The maximum number of connections that each worker process can open
     workerConnections: "10620"
+    # -- The number of nginx worker processes. `auto` means the number of CPU 
cores
     workerProcesses: auto
+    # -- Bind nginx worker processes to CPUs
     enableCPUAffinity: true
+    # -- Timeout for a graceful shutdown of worker processes
+    workerShutdownTimeout: "240s"
+    # -- Maximum number of pending timers. Increase it if you see "too many 
pending timers" error
+    maxPendingTimers: 16384
+    # -- Maximum number of running timers. Increase it if you see 
"lua_max_running_timers are not enough" error
+    maxRunningTimers: 4096
     # -- Timeout during which a keep-alive client connection will stay open on 
the server side.
     keepaliveTimeout: 60s
+    # -- List of environment variable names allowed to be accessed within 
nginx (rendered as nginx `env` directives)
     envs: []
+    # -- Nginx HTTP subsystem configurations
+    http:
+      # -- timeout for reading client request header, then 408 (Request 
Time-out) error is returned to the client
+      clientHeaderTimeout: "60s"
+      # -- timeout for reading client request body, then 408 (Request 
Time-out) error is returned to the client
+      clientBodyTimeout: "60s"
+      # -- timeout for transmitting a response to the client, then the 
connection is closed
+      sendTimeout: "10s"
+      # -- The maximum allowed size of the client request body.
+      # If exceeded, the 413 (Request Entity Too Large) error is returned to 
the client.
+      # Note that unlike Nginx, we don't limit the body size by default (0 
means no limit).
+      clientMaxBodySize: 0
+      # -- Enable the use of underscores in client request header fields
+      underscoresInHeaders: "on"
+      # -- The request header used to determine the client's real IP address,
+      # see 
[real_ip_header](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header)
+      realIpHeader: "X-Real-IP"
+      # -- Whether to search for the real IP recursively when the header set 
in apisix.nginx.http.realIpHeader contains multiple addresses,
+      # see 
[real_ip_recursive](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive)
+      realIpRecursive: "off"
+      # -- Trusted addresses from which the real IP header is honored,
+      # see 
[set_real_ip_from](http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from)
+      realIpFrom:
+        - 127.0.0.1
+        - "unix:"
+      # -- Enables or disables passing of the server name through TLS Server 
Name Indication extension (SNI, RFC 6066)
+      # when establishing a connection with the proxied HTTPS server
+      proxySslServerName: true
+      # -- Keepalive settings for connections from APISIX to upstream servers
+      upstream:
+        # -- Maximum number of idle keepalive connections to upstream servers 
that are preserved in the cache of each worker process.
+        # When this number is exceeded, the least recently used connections 
are closed
+        keepalive: 320
+        # -- Maximum number of requests that can be served through one 
keepalive connection.
+        # After the maximum number of requests is made, the connection is 
closed
+        keepaliveRequests: 1000
+        # -- Timeout during which an idle keepalive connection to an upstream 
server will stay open
+        keepaliveTimeout: 60s
+      # -- The charset added to the "Content-Type" response header field,
+      # see 
[charset](http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset)
+      charset: utf-8
+      # -- The maximum size of the nginx variables hash table
+      variablesHashMaxSize: 2048
     # access log and error log configuration
     logs:
       # -- Enable access log or not, default true
@@ -451,18 +610,36 @@ apisix:
       errorLog: "/dev/stderr"
       # -- Error log level
       errorLogLevel: "warn"
-    # -- Custom configuration snippet.
+      # -- Stream (L4 proxy) access log configuration
+      stream:
+        # -- Enable stream access log or not, default false
+        enableAccessLog: false
+        # -- Stream access log path
+        accessLog: "logs/access_stream.log"
+        # -- Stream access log format
+        accessLogFormat: '$remote_addr [$time_local] $protocol $status 
$bytes_sent $bytes_received $session_time'
+        # -- Allows setting json or default characters escaping in variables 
for stream
+        accessLogFormatEscape: default
+    # -- Custom nginx configuration snippets injected into the generated 
nginx.conf.
+    # As arbitrary configuration can be added here, it is your responsibility 
to make sure
+    # the snippets don't conflict with the configuration generated by APISIX.
     configurationSnippet:
+      # -- Snippet added to the nginx `main` (top-level) block
       main: |
 
+      # -- Snippet added to the beginning of the nginx `http` block
       httpStart: |
 
+      # -- Snippet added to the end of the nginx `http` block
       httpEnd: |
 
+      # -- Snippet added to the nginx `server` block that proxies regular 
traffic
       httpSrv: |
 
+      # -- Snippet added to the nginx `server` block that serves the Admin API
       httpAdmin: |
 
+      # -- Snippet added to the nginx `stream` block
       stream: |
 
     # -- Add custom 
[lua_shared_dict](https://github.com/openresty/lua-nginx-module?tab=readme-ov-file#lua_shared_dict)
 settings,
@@ -533,15 +710,18 @@ apisix:
       #     This is for allowing the default `host` and `port` of 
`.discovery.registry.kubernetes.service`.
 
   dns:
-    resolvers:
-      - 127.0.0.1
-      - 172.20.0.10
-      - 114.114.114.114
-      - 223.5.5.5
-      - 1.1.1.1
-      - 8.8.8.8
+    # -- Nameservers used by APISIX to resolve upstream domain names.
+    # When empty (default), nameservers are read from `/etc/resolv.conf`,
+    # which is usually what you want inside Kubernetes
+    resolvers: []
+      # - 127.0.0.1
+      # - 8.8.8.8
+    # -- Override the TTL in seconds of valid DNS records
     validity: 30
+    # -- DNS resolver timeout in seconds
     timeout: 5
+    # -- Honor the `search` option in `/etc/resolv.conf` when resolving domain 
names
+    enableResolvSearchOpt: true
 
   vault:
     # -- Enable or disable the vault integration
@@ -556,7 +736,7 @@ apisix:
     prefix: ""
 
   prometheus:
-    # ref: https://apisix.apache.org/docs/apisix/plugins/prometheus/
+    # -- Enable Prometheus metrics. ref: 
https://apisix.apache.org/docs/apisix/plugins/prometheus/
     enabled: false
     # -- path of the metrics endpoint
     path: /apisix/prometheus/metrics
@@ -583,6 +763,7 @@ apisix:
   wasm:
     # -- Enable Wasm Plugins. See [wasm 
plugin](https://apisix.apache.org/docs/apisix/next/wasm/)
     enabled: false
+    # -- List of Wasm plugins, each item with `name`, `priority` and `file` 
(path or URL of the wasm binary)
     plugins: []
 
   # -- customPlugins allows you to mount your own HTTP plugins.
@@ -608,7 +789,9 @@ apisix:
               path: "mount-path"
 
   status:
+    # -- The IP address on which the status endpoint (`/status`, 
`/status/ready`) listens
     ip: "0.0.0.0"
+    # -- The port on which the status endpoint listens
     port: 7085
 
   # -- When configured, APISIX will trust the `X-Forwarded-*` Headers passed 
in requests from the IP/CIDR in the list.
@@ -651,6 +834,10 @@ etcd:
   prefix: "/apisix"
   # -- Set the timeout value in seconds for subsequent socket operations from 
apisix to etcd cluster
   timeout: 30
+  # -- Set the timeout value in seconds for watching etcd
+  watchTimeout: 50
+  # -- The number of retries to etcd during startup
+  startupRetry: 2
 
   # -- if etcd.enabled is true, set more values of bitnamilegacy/etcd helm 
chart
   auth:
@@ -679,14 +866,19 @@ etcd:
     enabled: false
 
   service:
+    # -- etcd client service port
     port: 2379
 
+  # -- Number of etcd replicas, only used when etcd.enabled is true
   replicaCount: 3
+  # -- Auto compaction retention for mvcc key value store, only used when 
etcd.enabled is true
   autoCompactionRetention: "1h"
+  # -- Auto compaction mode (periodic or revision), only used when 
etcd.enabled is true
   autoCompactionMode: "periodic"
 
 # -- Ingress controller configuration
 ingress-controller:
+  # -- Enable the apisix-ingress-controller sub-chart
   enabled: false
   webhook:
     # Specifies whether to enable the validation webhook.

Reply via email to