First try apisix-ingress-controler
This commit is contained in:
parent
82096575ba
commit
718741df6b
|
@ -0,0 +1,32 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: ingress-apisix
|
||||
|
||||
resources:
|
||||
- resources/namespace.yaml
|
||||
- resources/etcd
|
||||
- resources/apisix-deployment.yaml
|
||||
- resources/apisix-svc.yaml
|
||||
- resources/apisix-dashboard
|
||||
- resources/ingress-controller
|
||||
|
||||
configMapGenerator:
|
||||
- name: apisix-config
|
||||
files:
|
||||
- resources/files/apisix-config.yaml
|
||||
- name: apisix-env-config
|
||||
literals:
|
||||
- APISIX_NODE_LISTEN="9080"
|
||||
- APISIX_PORT_ADMIN="9180"
|
||||
- APISIX_ETCD_URL="http://etcd-server:2379"
|
||||
- APISIX_ADMIN_URL="http://apisix-admin:9180/apisix/admin"
|
||||
- name: apisix-ingress-cm
|
||||
behavior: replace
|
||||
files:
|
||||
- config.yaml=resources/files/apisix-ic-config.yaml
|
||||
|
||||
secretGenerator:
|
||||
- name: apisix-senstitive
|
||||
literals:
|
||||
- APISIX_ADMIN_KEY="iom4ahdohzohzi4zoothug7iePhaLoijiequaacaiJeye"
|
||||
- APISIX_VIEWER_KEY="jah9ahquu8ohvaZ6iiQu9aeNie3uchie5goo4Fii8leif"
|
|
@ -0,0 +1,20 @@
|
|||
conf:
|
||||
listen:
|
||||
host: 0.0.0.0
|
||||
port: 9000
|
||||
etcd:
|
||||
prefix: "/apisix"
|
||||
endpoints:
|
||||
- etcd-server:2379
|
||||
log:
|
||||
error_log:
|
||||
level: debug
|
||||
file_path: /dev/stderr
|
||||
access_log:
|
||||
file_path: /dev/stdout
|
||||
authentication:
|
||||
secret: secret
|
||||
expire_time: 3600
|
||||
users:
|
||||
- username: admin
|
||||
password: to4jo6vuaZ8Iehohch2deeN6LeaghohChe
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- resources/service-account.yaml
|
||||
- resources/deployment.yaml
|
||||
- resources/service.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: apisix-dashboard
|
||||
files:
|
||||
- config.yaml=files/dashboard.yaml
|
||||
|
||||
secretGenerator:
|
||||
- name: apisix-dashboard-sensitive
|
||||
literals:
|
||||
- APISIX_DASHBOARD_ADMIN_USERNAME="admin"
|
||||
- APISIX_DASHBOARD_ADMIN_PASSWORD="shae9konga0ie0Ru"
|
|
@ -0,0 +1,71 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: apisix
|
||||
app.kubernetes.io/name: dashboard
|
||||
app.kubernetes.io/version: 3.0.0
|
||||
name: apisix-dashboard
|
||||
spec:
|
||||
progressDeadlineSeconds: 600
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: apisix
|
||||
app.kubernetes.io/name: dashboard
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 25%
|
||||
maxUnavailable: 25%
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: apisix
|
||||
app.kubernetes.io/name: dashboard
|
||||
spec:
|
||||
containers:
|
||||
- name: dashboard
|
||||
image: reg.cadoles.com/proxy_cache/apache/apisix-dashboard:3.0.0-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: apisix-dashboard-sensitive
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /ping
|
||||
port: http
|
||||
scheme: HTTP
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
name: http
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /ping
|
||||
port: http
|
||||
scheme: HTTP
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
resources: {}
|
||||
securityContext: {}
|
||||
volumeMounts:
|
||||
- mountPath: /usr/local/apisix-dashboard/conf/conf.yaml
|
||||
name: apisix-dashboard-config
|
||||
subPath: config.yaml
|
||||
restartPolicy: Always
|
||||
serviceAccount: apisix-dashboard
|
||||
serviceAccountName: apisix-dashboard
|
||||
terminationGracePeriodSeconds: 30
|
||||
volumes:
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: apisix-dashboard
|
||||
name: apisix-dashboard-config
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: apisix
|
||||
app.kubernetes.io/name: dashboard
|
||||
app.kubernetes.io/version: 3.0.0
|
||||
name: apisix-dashboard
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: apisix
|
||||
app.kubernetes.io/name: dashboard
|
||||
app.kubernetes.io/version: 3.0.0
|
||||
name: apisix-dashboard
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
selector:
|
||||
app.kubernetes.io/instance: apisix
|
||||
app.kubernetes.io/name: dashboard
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
|
@ -0,0 +1,68 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: apisix
|
||||
labels:
|
||||
app.kubernetes.io/name: apisix
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: apisix
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: apisix
|
||||
spec:
|
||||
containers:
|
||||
- name: apisix
|
||||
image: "apache/apisix:3.2.2-debian"
|
||||
imagePullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: apisix-env-config
|
||||
- secretRef:
|
||||
name: apisix-senstitive
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 9080
|
||||
protocol: TCP
|
||||
- name: tls
|
||||
containerPort: 9443
|
||||
protocol: TCP
|
||||
- name: admin
|
||||
containerPort: 9180
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 6
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
tcpSocket:
|
||||
port: 9080
|
||||
timeoutSeconds: 1
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- "sleep 30"
|
||||
volumeMounts:
|
||||
- mountPath: /usr/local/apisix/conf/config.yaml
|
||||
name: apisix-config
|
||||
subPath: apisix-config.yaml
|
||||
resources: {}
|
||||
initContainers:
|
||||
- name: wait-etcd
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- until nc -z etcd-server 2379; do echo waiting for etcd `date`; sleep 2; done;
|
||||
image: busybox:1.28
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumes:
|
||||
- name: apisix-config
|
||||
configMap:
|
||||
defaultMode: 420
|
||||
name: apisix-config
|
|
@ -0,0 +1,15 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: apisix-admin
|
||||
labels:
|
||||
app.kubernetes.io/name: apisix
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: apisix-admin
|
||||
port: 9180
|
||||
targetPort: 9180
|
||||
protocol: TCP
|
||||
selector:
|
||||
app.kubernetes.io/name: apisix
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- https://github.com/kustomhippie/etcd.git?ref=v2.0.2
|
||||
#- https://github.com/kustomhippie/etcd.git//snapshot?ref=v2.0.2
|
||||
|
||||
patches:
|
||||
- path: patches/statefulset.yaml
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
|
||||
metadata:
|
||||
name: etcd-server
|
||||
|
||||
spec:
|
||||
replicas: 3
|
|
@ -0,0 +1,97 @@
|
|||
apisix:
|
||||
node_listen: ${{APISIX_NODE_LISTEN}} # APISIX listening port
|
||||
enable_heartbeat: true
|
||||
enable_admin: true
|
||||
enable_admin_cors: true
|
||||
enable_debug: false
|
||||
enable_dev_mode: false # when set to true, sets Nginx worker_processes to 1
|
||||
enable_reuseport: true # when set to true, enables nginx SO_REUSEPORT switch
|
||||
enable_ipv6: true
|
||||
config_center: etcd # use etcd to store configuration
|
||||
|
||||
allow_admin: # see: http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
|
||||
- 0.0.0.0/0
|
||||
port_admin: ${{APISIX_PORT_ADMIN}}
|
||||
|
||||
# default token used when calling the Admin API
|
||||
# it is recommended to modify this value in production
|
||||
# when disabled, Admin API won't require any authentication
|
||||
admin_key:
|
||||
# admin: full access to configuration data
|
||||
- name: "admin"
|
||||
key: edd1c9f034335f136f87ad84b625c8f1
|
||||
role: admin
|
||||
# viewer: can only view the configuration data
|
||||
- name: "viewer"
|
||||
key: 4054f7cf07e344346cd3f287985e76a2
|
||||
role: viewer
|
||||
# dns_resolver:
|
||||
# - 127.0.0.1
|
||||
dns_resolver_valid: 30
|
||||
resolver_timeout: 5
|
||||
|
||||
nginx_config: # template configuration to generate nginx.conf
|
||||
error_log: "/dev/stderr"
|
||||
error_log_level: "warn" # warn, error
|
||||
worker_rlimit_nofile: 20480 # number of files a worker process can open. Should be larger than worker_connections
|
||||
event:
|
||||
worker_connections: 10620
|
||||
http:
|
||||
access_log: "/dev/stdout"
|
||||
keepalive_timeout: 60s # timeout for which a keep-alive client connection will stay open on the server side
|
||||
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
|
||||
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
|
||||
send_timeout: 10s # timeout for transmitting a response to the client, then the connection is closed
|
||||
underscores_in_headers: "on" # enables the use of underscores in client request header fields
|
||||
real_ip_header: "X-Real-IP" # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
|
||||
real_ip_from: # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
|
||||
- 127.0.0.1
|
||||
- 'unix:'
|
||||
|
||||
etcd:
|
||||
host:
|
||||
- ${{APISIX_ETCD_URL}}
|
||||
prefix: "/apisix" # APISIX configurations prefix
|
||||
timeout: 30 # in seconds
|
||||
plugins: # list of APISIX Plugins
|
||||
- api-breaker
|
||||
- authz-keycloak
|
||||
- basic-auth
|
||||
- batch-requests
|
||||
- consumer-restriction
|
||||
- cors
|
||||
- echo
|
||||
- fault-injection
|
||||
- grpc-transcode
|
||||
- hmac-auth
|
||||
- http-logger
|
||||
- ip-restriction
|
||||
- jwt-auth
|
||||
- kafka-logger
|
||||
- key-auth
|
||||
- limit-conn
|
||||
- limit-count
|
||||
- limit-req
|
||||
- node-status
|
||||
- openid-connect
|
||||
- prometheus
|
||||
- proxy-cache
|
||||
- proxy-mirror
|
||||
- proxy-rewrite
|
||||
- redirect
|
||||
- referer-restriction
|
||||
- request-id
|
||||
- request-validation
|
||||
- response-rewrite
|
||||
- serverless-post-function
|
||||
- serverless-pre-function
|
||||
- sls-logger
|
||||
- syslog
|
||||
- tcp-logger
|
||||
- udp-logger
|
||||
- uri-blocker
|
||||
- wolf-rbac
|
||||
- zipkin
|
||||
- traffic-split
|
||||
stream_plugins:
|
||||
- mqtt-proxy
|
|
@ -0,0 +1,380 @@
|
|||
apisix:
|
||||
node_listen: # APISIX listening ports.
|
||||
- ${{APISIX_NODE_LISTEN}}
|
||||
enable_admin: true # Admin API
|
||||
enable_dev_mode: false # If true, set nginx `worker_processes` to 1.
|
||||
enable_reuseport: true # If true, enable nginx SO_REUSEPORT option.
|
||||
show_upstream_status_in_response_header: false # If true, include the upstream HTTP status code in
|
||||
enable_ipv6: false
|
||||
enable_server_tokens: true # If true, show APISIX version in the `Server` response header.
|
||||
extra_lua_path: "" # Extend lua_package_path to load third-party code.
|
||||
extra_lua_cpath: "" # Extend lua_package_cpath to load third-party code.
|
||||
proxy_cache: # Proxy Caching configuration
|
||||
cache_ttl: 10s # The default caching time on disk if the upstream does not specify a caching time.
|
||||
zones:
|
||||
- name: disk_cache_one # Name of the cache.
|
||||
memory_size: 50m # Size of the memory to store the cache index.
|
||||
disk_size: 1G # Size of the disk to store the cache data.
|
||||
disk_path: /tmp/disk_cache_one # Path to the cache file for disk cache.
|
||||
cache_levels: 1:2 # Cache hierarchy levels of disk cache.
|
||||
- name: memory_cache
|
||||
memory_size: 50m
|
||||
|
||||
delete_uri_tail_slash: false # Delete the '/' at the end of the URI
|
||||
normalize_uri_like_servlet: false # If true, use the same path normalization rules as the Java
|
||||
|
||||
router:
|
||||
http: radixtree_host_uri # radixtree_host_uri: match route by host and URI
|
||||
ssl: radixtree_sni # radixtree_sni: match route by SNI
|
||||
|
||||
proxy_mode: http
|
||||
resolver_timeout: 5 # Set the time in seconds that the server will wait for a response from the
|
||||
enable_resolv_search_opt: true # If true, use search option in the resolv.conf file in DNS lookups.
|
||||
|
||||
ssl:
|
||||
enable: true
|
||||
listen: # APISIX listening port for HTTPS traffic.
|
||||
- port: 9443
|
||||
enable_http2: true
|
||||
ssl_protocols: TLSv1.2 TLSv1.3 # TLS versions supported.
|
||||
ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
ssl_session_tickets: false # If true, session tickets are used for SSL/TLS connections.
|
||||
|
||||
enable_control: true # Control API
|
||||
|
||||
disable_sync_configuration_during_start: false # Safe exit. TO BE REMOVED.
|
||||
|
||||
data_encryption: # Data encryption settings.
|
||||
enable_encrypt_fields: false # Whether enable encrypt fields specified in `encrypt_fields` in plugin schema.
|
||||
keyring: # This field is used to encrypt the private key of SSL and the `encrypt_fields`
|
||||
- qeddd145sfvddff3 # Set the encryption key for AES-128-CBC. It should be a hexadecimal string
|
||||
- edd1c9f0985e76a2 # If not set, APISIX saves the original data into etcd.
|
||||
|
||||
events: # Event distribution module configuration
|
||||
module: lua-resty-events # Sets the name of the events module used.
|
||||
|
||||
nginx_config: # Config for render the template to generate nginx.conf
|
||||
error_log: logs/error.log # Location of the error log.
|
||||
error_log_level: warn # Logging level: info, debug, notice, warn, error, crit, alert, or emerg.
|
||||
worker_processes: auto # Automatically determine the optimal number of worker processes based
|
||||
enable_cpu_affinity: false # Disable CPU affinity by default as worker_cpu_affinity affects the
|
||||
worker_rlimit_nofile: 20480 # The number of files a worker process can open.
|
||||
worker_shutdown_timeout: 240s # Timeout for a graceful shutdown of worker processes.
|
||||
|
||||
max_pending_timers: 16384 # The maximum number of pending timers that can be active at any given time.
|
||||
max_running_timers: 4096 # The maximum number of running timers that can be active at any given time.
|
||||
|
||||
event:
|
||||
worker_connections: 10620
|
||||
|
||||
meta:
|
||||
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
|
||||
prometheus-metrics: 15m
|
||||
|
||||
stream:
|
||||
enable_access_log: false # Enable stream proxy access logging.
|
||||
access_log: logs/access_stream.log # Location of the stream access log.
|
||||
access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html
|
||||
access_log_format_escape: default # Escape default or json characters in variables.
|
||||
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
|
||||
etcd-cluster-health-check-stream: 10m
|
||||
lrucache-lock-stream: 10m
|
||||
plugin-limit-conn-stream: 10m
|
||||
worker-events-stream: 10m
|
||||
tars-stream: 1m
|
||||
main_configuration_snippet: |
|
||||
# Add custom Nginx main configuration to nginx.conf.
|
||||
# The configuration should be well indented!
|
||||
http_configuration_snippet: |
|
||||
# Add custom Nginx http configuration to nginx.conf.
|
||||
# The configuration should be well indented!
|
||||
http_server_configuration_snippet: |
|
||||
# Add custom Nginx http server configuration to nginx.conf.
|
||||
# The configuration should be well indented!
|
||||
http_server_location_configuration_snippet: |
|
||||
# Add custom Nginx http server location configuration to nginx.conf.
|
||||
# The configuration should be well indented!
|
||||
http_admin_configuration_snippet: |
|
||||
# Add custom Nginx admin server configuration to nginx.conf.
|
||||
# The configuration should be well indented!
|
||||
http_end_configuration_snippet: |
|
||||
# Add custom Nginx http end configuration to nginx.conf.
|
||||
# The configuration should be well indented!
|
||||
stream_configuration_snippet: |
|
||||
# Add custom Nginx stream configuration to nginx.conf.
|
||||
# The configuration should be well indented!
|
||||
|
||||
http:
|
||||
enable_access_log: true # Enable HTTP proxy access logging.
|
||||
access_log: logs/access.log # Location of the access log.
|
||||
access_log_buffer: 16384 # buffer size of access log.
|
||||
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
|
||||
access_log_format_escape: default # Escape default or json characters in variables.
|
||||
keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
|
||||
client_header_timeout: 60s # Set the maximum time waiting for client to send the entire HTTP
|
||||
client_body_timeout: 60s # Set the maximum time waiting for client to send the request body.
|
||||
client_max_body_size: 0 # Set the maximum allowed size of the client request body.
|
||||
send_timeout: 10s # Set the maximum time for transmitting a response to the client before closing.
|
||||
underscores_in_headers: "on" # Allow HTTP request headers to contain underscores in their names.
|
||||
real_ip_header: X-Real-IP # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
|
||||
real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
|
||||
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
|
||||
- 127.0.0.1
|
||||
- "unix:"
|
||||
proxy_ssl_server_name: true # Send the server name in the SNI extension when establishing an SSL/TLS
|
||||
|
||||
upstream:
|
||||
keepalive: 320 # Set the maximum time of keep-alive connections to the upstream servers.
|
||||
keepalive_requests: 1000 # Set the maximum number of requests that can be served through one
|
||||
keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
|
||||
charset: utf-8 # Add the charset to the "Content-Type" response header field.
|
||||
variables_hash_max_size: 2048 # Set the maximum size of the variables hash table.
|
||||
|
||||
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
|
||||
internal-status: 10m
|
||||
plugin-limit-req: 10m
|
||||
plugin-limit-count: 10m
|
||||
prometheus-metrics: 10m
|
||||
plugin-limit-conn: 10m
|
||||
upstream-healthcheck: 10m
|
||||
worker-events: 10m
|
||||
lrucache-lock: 10m
|
||||
balancer-ewma: 10m
|
||||
balancer-ewma-locks: 10m
|
||||
balancer-ewma-last-touched-at: 10m
|
||||
plugin-limit-count-redis-cluster-slot-lock: 1m
|
||||
tracing_buffer: 10m
|
||||
plugin-api-breaker: 10m
|
||||
etcd-cluster-health-check: 10m
|
||||
discovery: 1m
|
||||
jwks: 1m
|
||||
introspection: 10m
|
||||
access-tokens: 1m
|
||||
ext-plugin: 1m
|
||||
tars: 1m
|
||||
cas-auth: 10m
|
||||
ocsp-stapling: 10m
|
||||
|
||||
graphql:
|
||||
max_size: 1048576 # Set the maximum size limitation of graphql in bytes. Default to 1MiB.
|
||||
|
||||
plugins: # plugin list (sorted by priority)
|
||||
- real-ip # priority: 23000
|
||||
- ai # priority: 22900
|
||||
- client-control # priority: 22000
|
||||
- proxy-control # priority: 21990
|
||||
- request-id # priority: 12015
|
||||
- zipkin # priority: 12011
|
||||
#- skywalking # priority: 12010
|
||||
#- opentelemetry # priority: 12009
|
||||
- ext-plugin-pre-req # priority: 12000
|
||||
- fault-injection # priority: 11000
|
||||
- mocking # priority: 10900
|
||||
- serverless-pre-function # priority: 10000
|
||||
#- batch-requests # priority: 4010
|
||||
- cors # priority: 4000
|
||||
- ip-restriction # priority: 3000
|
||||
- ua-restriction # priority: 2999
|
||||
- referer-restriction # priority: 2990
|
||||
- csrf # priority: 2980
|
||||
- uri-blocker # priority: 2900
|
||||
- request-validation # priority: 2800
|
||||
- chaitin-waf # priority: 2700
|
||||
- multi-auth # priority: 2600
|
||||
- openid-connect # priority: 2599
|
||||
- cas-auth # priority: 2597
|
||||
- authz-casbin # priority: 2560
|
||||
- authz-casdoor # priority: 2559
|
||||
- wolf-rbac # priority: 2555
|
||||
- ldap-auth # priority: 2540
|
||||
- hmac-auth # priority: 2530
|
||||
- basic-auth # priority: 2520
|
||||
- jwt-auth # priority: 2510
|
||||
- jwe-decrypt # priority: 2509
|
||||
- key-auth # priority: 2500
|
||||
- consumer-restriction # priority: 2400
|
||||
- forward-auth # priority: 2002
|
||||
- opa # priority: 2001
|
||||
- authz-keycloak # priority: 2000
|
||||
#- error-log-logger # priority: 1091
|
||||
- proxy-cache # priority: 1085
|
||||
- body-transformer # priority: 1080
|
||||
- proxy-mirror # priority: 1010
|
||||
- proxy-rewrite # priority: 1008
|
||||
- workflow # priority: 1006
|
||||
- api-breaker # priority: 1005
|
||||
- limit-conn # priority: 1003
|
||||
- limit-count # priority: 1002
|
||||
- limit-req # priority: 1001
|
||||
#- node-status # priority: 1000
|
||||
#- brotli # priority: 996
|
||||
- gzip # priority: 995
|
||||
- server-info # priority: 990
|
||||
- traffic-split # priority: 966
|
||||
- redirect # priority: 900
|
||||
- response-rewrite # priority: 899
|
||||
- degraphql # priority: 509
|
||||
- kafka-proxy # priority: 508
|
||||
#- dubbo-proxy # priority: 507
|
||||
- grpc-transcode # priority: 506
|
||||
- grpc-web # priority: 505
|
||||
- http-dubbo # priority: 504
|
||||
- public-api # priority: 501
|
||||
- prometheus # priority: 500
|
||||
- datadog # priority: 495
|
||||
- loki-logger # priority: 414
|
||||
- elasticsearch-logger # priority: 413
|
||||
- echo # priority: 412
|
||||
- loggly # priority: 411
|
||||
- http-logger # priority: 410
|
||||
- splunk-hec-logging # priority: 409
|
||||
- skywalking-logger # priority: 408
|
||||
- google-cloud-logging # priority: 407
|
||||
- sls-logger # priority: 406
|
||||
- tcp-logger # priority: 405
|
||||
- kafka-logger # priority: 403
|
||||
- rocketmq-logger # priority: 402
|
||||
- syslog # priority: 401
|
||||
- udp-logger # priority: 400
|
||||
- file-logger # priority: 399
|
||||
- clickhouse-logger # priority: 398
|
||||
- tencent-cloud-cls # priority: 397
|
||||
- inspect # priority: 200
|
||||
#- log-rotate # priority: 100
|
||||
# <- recommend to use priority (0, 100) for your custom plugins
|
||||
- example-plugin # priority: 0
|
||||
#- gm # priority: -43
|
||||
#- ocsp-stapling # priority: -44
|
||||
- aws-lambda # priority: -1899
|
||||
- azure-functions # priority: -1900
|
||||
- openwhisk # priority: -1901
|
||||
- openfunction # priority: -1902
|
||||
- serverless-post-function # priority: -2000
|
||||
- ext-plugin-post-req # priority: -3000
|
||||
- ext-plugin-post-resp # priority: -4000
|
||||
|
||||
stream_plugins: # stream plugin list (sorted by priority)
|
||||
- ip-restriction # priority: 3000
|
||||
- limit-conn # priority: 1003
|
||||
- mqtt-proxy # priority: 1000
|
||||
#- prometheus # priority: 500
|
||||
- syslog # priority: 401
|
||||
# <- recommend to use priority (0, 100) for your custom plugins
|
||||
|
||||
plugin_attr: # Plugin attributes
|
||||
log-rotate: # Plugin: log-rotate
|
||||
timeout: 10000 # maximum wait time for a log rotation(unit: millisecond)
|
||||
interval: 3600 # Set the log rotate interval in seconds.
|
||||
max_kept: 168 # Set the maximum number of log files to keep. If exceeded, historic logs are deleted.
|
||||
max_size: -1 # Set the maximum size of log files in bytes before a rotation.
|
||||
# Skip size check if max_size is less than 0.
|
||||
enable_compression: false # Enable log file compression (gzip).
|
||||
skywalking: # Plugin: skywalking
|
||||
service_name: APISIX # Set the service name for SkyWalking reporter.
|
||||
service_instance_name: APISIX Instance Name # Set the service instance name for SkyWalking reporter.
|
||||
endpoint_addr: http://127.0.0.1:12800 # Set the SkyWalking HTTP endpoint.
|
||||
report_interval: 3 # Set the reporting interval in second.
|
||||
opentelemetry: # Plugin: opentelemetry
|
||||
trace_id_source: x-request-id # Specify the source of the trace ID for OpenTelemetry traces.
|
||||
resource:
|
||||
service.name: APISIX # Set the service name for OpenTelemetry traces.
|
||||
collector:
|
||||
address: 127.0.0.1:4318 # Set the address of the OpenTelemetry collector to send traces to.
|
||||
request_timeout: 3 # Set the timeout for requests to the OpenTelemetry collector in seconds.
|
||||
request_headers: # Set the headers to include in requests to the OpenTelemetry collector.
|
||||
Authorization: token # Set the authorization header to include an access token.
|
||||
batch_span_processor:
|
||||
drop_on_queue_full: false # Drop spans when the export queue is full.
|
||||
max_queue_size: 1024 # Set the maximum size of the span export queue.
|
||||
batch_timeout: 2 # Set the timeout for span batches to wait in the export queue before
|
||||
# being sent.
|
||||
inactive_timeout: 1 # Set the timeout for spans to wait in the export queue before being sent,
|
||||
# if the queue is not full.
|
||||
max_export_batch_size: 16 # Set the maximum number of spans to include in each batch sent to the
|
||||
set_ngx_var: false # export opentelemetry variables to nginx variables
|
||||
# OpenTelemetry collector.
|
||||
prometheus: # Plugin: prometheus
|
||||
export_uri: /apisix/prometheus/metrics # Set the URI for the Prometheus metrics endpoint.
|
||||
metric_prefix: apisix_ # Set the prefix for Prometheus metrics generated by APISIX.
|
||||
enable_export_server: true # Enable the Prometheus export server.
|
||||
export_addr: # Set the address for the Prometheus export server.
|
||||
ip: 127.0.0.1 # Set the IP.
|
||||
port: 9091 # Set the port.
|
||||
# metrics: # Create extra labels from nginx variables: https://nginx.org/en/docs/varindex.html
|
||||
# http_status:
|
||||
# extra_labels:
|
||||
# - upstream_addr: $upstream_addr
|
||||
# - status: $upstream_status # The label name does not need to be the same as the variable name.
|
||||
# http_latency:
|
||||
# extra_labels:
|
||||
# - upstream_addr: $upstream_addr
|
||||
# bandwidth:
|
||||
# extra_labels:
|
||||
# - upstream_addr: $upstream_addr
|
||||
# default_buckets:
|
||||
# - 10
|
||||
# - 50
|
||||
# - 100
|
||||
# - 200
|
||||
# - 500
|
||||
server-info: # Plugin: server-info
|
||||
report_ttl: 60 # Set the TTL in seconds for server info in etcd.
|
||||
# Maximum: 86400. Minimum: 3.
|
||||
dubbo-proxy: # Plugin: dubbo-proxy
|
||||
upstream_multiplex_count: 32 # Set the maximum number of connections that can be multiplexed over
|
||||
# a single network connection between the Dubbo Proxy and the upstream
|
||||
# Dubbo services.
|
||||
proxy-mirror: # Plugin: proxy-mirror
|
||||
timeout: # Set the timeout for mirrored requests.
|
||||
connect: 60s
|
||||
read: 60s
|
||||
send: 60s
|
||||
# redirect: # Plugin: redirect
|
||||
# https_port: 8443 # Set the default port used to redirect HTTP to HTTPS.
|
||||
inspect: # Plugin: inspect
|
||||
delay: 3 # Set the delay in seconds for the frequency of checking the hooks file.
|
||||
hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua" # Set the path to the Lua file that defines
|
||||
# hooks. Only administrators should have
|
||||
# write access to this file for security.
|
||||
zipkin: # Plugin: zipkin
|
||||
set_ngx_var: false # export zipkin variables to nginx variables
|
||||
|
||||
deployment: # Deployment configurations
|
||||
role: traditional # Set deployment mode: traditional, control_plane, or data_plane.
|
||||
role_traditional:
|
||||
config_provider: etcd # Set the configuration center.
|
||||
|
||||
#role_data_plane: # Set data plane details if role is data_plane.
|
||||
# config_provider: etcd # Set the configuration center: etcd, xds, or yaml.
|
||||
|
||||
#role_control_plane: # Set control plane details if role is control_plane.
|
||||
# config_provider: etcd # Set the configuration center.
|
||||
|
||||
admin: # Admin API
|
||||
admin_key_required: true # Enable Admin API authentication by default for security.
|
||||
admin_key:
|
||||
- name: admin # admin: write access to configurations.
|
||||
key: ${{APISIX_ADMIN_KEY}} # Set API key for the admin of Admin API.
|
||||
role: admin
|
||||
- name: viewer # viewer: read-only to configurations.
|
||||
key: ${{APISIX_VIEWER_KEY}} # Set API key for the viewer of Admin API.
|
||||
role: viewer
|
||||
|
||||
enable_admin_cors: true # Enable Admin API CORS response header `Access-Control-Allow-Origin`.
|
||||
allow_admin: # Limit Admin API access by IP addresses.
|
||||
- 127.0.0.0/24 # If not set, any IP address is allowed.
|
||||
# - "::/64"
|
||||
admin_listen: # Set the Admin API listening addresses.
|
||||
ip: 0.0.0.0 # Set listening IP.
|
||||
port: 9180 # Set listening port. Beware of port conflict with node_listen.
|
||||
admin_api_version: v3 # Set the version of Admin API (latest: v3).
|
||||
|
||||
etcd:
|
||||
host: # Set etcd address(es) in the same etcd cluster.
|
||||
- ${{APISIX_ETCD_URL}} # If TLS is enabled for etcd, use https://127.0.0.1:2379.
|
||||
prefix: /apisix # Set etcd prefix.
|
||||
timeout: 30 # The timeout when connect/read/write to etcd, Set timeout in seconds.
|
||||
watch_timeout: 50 # The timeout when watch etcd
|
||||
startup_retry: 2 # Set the number of retries to etcd on startup. Default to 2.
|
||||
tls:
|
||||
verify: false
|
|
@ -0,0 +1,12 @@
|
|||
# log options
|
||||
log_level: "info"
|
||||
log_output: "stderr"
|
||||
http_listen: ":8080"
|
||||
enable_profiling: true
|
||||
apisix_resource_sync_interval: 1h
|
||||
kubernetes:
|
||||
kubeconfig: ""
|
||||
resync_interval: "6h"
|
||||
apisix:
|
||||
default_cluster_base_url: "{{ .APISIX_ADMIN_URL }}"
|
||||
default_cluster_admin_key: "{{ .APISIX_ADMIN_KEY }}"
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- https://github.com/apache/apisix-ingress-controller/samples/deploy?ref=v1.8.0
|
||||
|
||||
patches:
|
||||
- path: patches/ingress-controller.yaml
|
|
@ -0,0 +1,24 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ingress-controller
|
||||
spec:
|
||||
replicas: 3
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: ingress-controller
|
||||
image: "apache/apisix-ingress-controller:1.8.0"
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: apisix-env-config
|
||||
- secretRef:
|
||||
name: apisix-senstitive
|
||||
initContainers:
|
||||
- name: wait-apisix-admin
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- until nc -z apisix-admin 9180 ; do echo waiting for apisix-admin; sleep 2; done;
|
||||
image: busybox:1.28
|
||||
imagePullPolicy: IfNotPresent
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: ingress-apisix
|
Loading…
Reference in New Issue