First try apisix-ingress-controler

This commit is contained in:
Philippe Caseiro 2024-02-01 17:03:55 +01:00
parent 82096575ba
commit 718741df6b
16 changed files with 793 additions and 0 deletions

View File

@ -0,0 +1,32 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: ingress-apisix
resources:
- resources/namespace.yaml
- resources/etcd
- resources/apisix-deployment.yaml
- resources/apisix-svc.yaml
- resources/apisix-dashboard
- resources/ingress-controller
configMapGenerator:
- name: apisix-config
files:
- resources/files/apisix-config.yaml
- name: apisix-env-config
literals:
- APISIX_NODE_LISTEN="9080"
- APISIX_PORT_ADMIN="9180"
- APISIX_ETCD_URL="http://etcd-server:2379"
- APISIX_ADMIN_URL="http://apisix-admin:9180/apisix/admin"
- name: apisix-ingress-cm
behavior: replace
files:
- config.yaml=resources/files/apisix-ic-config.yaml
secretGenerator:
- name: apisix-senstitive
literals:
- APISIX_ADMIN_KEY="iom4ahdohzohzi4zoothug7iePhaLoijiequaacaiJeye"
- APISIX_VIEWER_KEY="jah9ahquu8ohvaZ6iiQu9aeNie3uchie5goo4Fii8leif"

View File

@ -0,0 +1,20 @@
conf:
listen:
host: 0.0.0.0
port: 9000
etcd:
prefix: "/apisix"
endpoints:
- etcd-server:2379
log:
error_log:
level: debug
file_path: /dev/stderr
access_log:
file_path: /dev/stdout
authentication:
secret: secret
expire_time: 3600
users:
- username: admin
password: to4jo6vuaZ8Iehohch2deeN6LeaghohChe

View File

@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources/service-account.yaml
- resources/deployment.yaml
- resources/service.yaml
configMapGenerator:
- name: apisix-dashboard
files:
- config.yaml=files/dashboard.yaml
secretGenerator:
- name: apisix-dashboard-sensitive
literals:
- APISIX_DASHBOARD_ADMIN_USERNAME="admin"
- APISIX_DASHBOARD_ADMIN_PASSWORD="shae9konga0ie0Ru"

View File

@ -0,0 +1,71 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: apisix
app.kubernetes.io/name: dashboard
app.kubernetes.io/version: 3.0.0
name: apisix-dashboard
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: apisix
app.kubernetes.io/name: dashboard
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/instance: apisix
app.kubernetes.io/name: dashboard
spec:
containers:
- name: dashboard
image: reg.cadoles.com/proxy_cache/apache/apisix-dashboard:3.0.0-alpine
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: apisix-dashboard-sensitive
livenessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: http
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
ports:
- containerPort: 9000
name: http
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: http
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext: {}
volumeMounts:
- mountPath: /usr/local/apisix-dashboard/conf/conf.yaml
name: apisix-dashboard-config
subPath: config.yaml
restartPolicy: Always
serviceAccount: apisix-dashboard
serviceAccountName: apisix-dashboard
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
name: apisix-dashboard
name: apisix-dashboard-config

View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: apisix
app.kubernetes.io/name: dashboard
app.kubernetes.io/version: 3.0.0
name: apisix-dashboard

View File

@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: apisix
app.kubernetes.io/name: dashboard
app.kubernetes.io/version: 3.0.0
name: apisix-dashboard
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/instance: apisix
app.kubernetes.io/name: dashboard
sessionAffinity: None
type: ClusterIP

View File

@ -0,0 +1,68 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: apisix
labels:
app.kubernetes.io/name: apisix
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: apisix
template:
metadata:
labels:
app.kubernetes.io/name: apisix
spec:
containers:
- name: apisix
image: "apache/apisix:3.2.2-debian"
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: apisix-env-config
- secretRef:
name: apisix-senstitive
ports:
- name: http
containerPort: 9080
protocol: TCP
- name: tls
containerPort: 9443
protocol: TCP
- name: admin
containerPort: 9180
protocol: TCP
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 9080
timeoutSeconds: 1
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- "sleep 30"
volumeMounts:
- mountPath: /usr/local/apisix/conf/config.yaml
name: apisix-config
subPath: apisix-config.yaml
resources: {}
initContainers:
- name: wait-etcd
command:
- sh
- -c
- until nc -z etcd-server 2379; do echo waiting for etcd `date`; sleep 2; done;
image: busybox:1.28
imagePullPolicy: IfNotPresent
volumes:
- name: apisix-config
configMap:
defaultMode: 420
name: apisix-config

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: apisix-admin
labels:
app.kubernetes.io/name: apisix
spec:
type: ClusterIP
ports:
- name: apisix-admin
port: 9180
targetPort: 9180
protocol: TCP
selector:
app.kubernetes.io/name: apisix

View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/kustomhippie/etcd.git?ref=v2.0.2
#- https://github.com/kustomhippie/etcd.git//snapshot?ref=v2.0.2
patches:
- path: patches/statefulset.yaml

View File

@ -0,0 +1,8 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: etcd-server
spec:
replicas: 3

View File

@ -0,0 +1,97 @@
apisix:
node_listen: ${{APISIX_NODE_LISTEN}} # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true
enable_debug: false
enable_dev_mode: false # when set to true, sets Nginx worker_processes to 1
enable_reuseport: true # when set to true, enables nginx SO_REUSEPORT switch
enable_ipv6: true
config_center: etcd # use etcd to store configuration
allow_admin: # see: http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0
port_admin: ${{APISIX_PORT_ADMIN}}
# default token used when calling the Admin API
# it is recommended to modify this value in production
# when disabled, Admin API won't require any authentication
admin_key:
# admin: full access to configuration data
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin
# viewer: can only view the configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
# dns_resolver:
# - 127.0.0.1
dns_resolver_valid: 30
resolver_timeout: 5
nginx_config: # template configuration to generate nginx.conf
error_log: "/dev/stderr"
error_log_level: "warn" # warn, error
worker_rlimit_nofile: 20480 # number of files a worker process can open. Should be larger than worker_connections
event:
worker_connections: 10620
http:
access_log: "/dev/stdout"
keepalive_timeout: 60s # timeout for which a keep-alive client connection will stay open on the server side
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
send_timeout: 10s # timeout for transmitting a response to the client, then the connection is closed
underscores_in_headers: "on" # enables the use of underscores in client request header fields
real_ip_header: "X-Real-IP" # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
etcd:
host:
- ${{APISIX_ETCD_URL}}
prefix: "/apisix" # APISIX configurations prefix
timeout: 30 # in seconds
plugins: # list of APISIX Plugins
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
stream_plugins:
- mqtt-proxy

View File

@ -0,0 +1,380 @@
apisix:
node_listen: # APISIX listening ports.
- ${{APISIX_NODE_LISTEN}}
enable_admin: true # Admin API
enable_dev_mode: false # If true, set nginx `worker_processes` to 1.
enable_reuseport: true # If true, enable nginx SO_REUSEPORT option.
show_upstream_status_in_response_header: false # If true, include the upstream HTTP status code in
enable_ipv6: false
enable_server_tokens: true # If true, show APISIX version in the `Server` response header.
extra_lua_path: "" # Extend lua_package_path to load third-party code.
extra_lua_cpath: "" # Extend lua_package_cpath to load third-party code.
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time on disk if the upstream does not specify a caching time.
zones:
- name: disk_cache_one # Name of the cache.
memory_size: 50m # Size of the memory to store the cache index.
disk_size: 1G # Size of the disk to store the cache data.
disk_path: /tmp/disk_cache_one # Path to the cache file for disk cache.
cache_levels: 1:2 # Cache hierarchy levels of disk cache.
- name: memory_cache
memory_size: 50m
delete_uri_tail_slash: false # Delete the '/' at the end of the URI
normalize_uri_like_servlet: false # If true, use the same path normalization rules as the Java
router:
http: radixtree_host_uri # radixtree_host_uri: match route by host and URI
ssl: radixtree_sni # radixtree_sni: match route by SNI
proxy_mode: http
resolver_timeout: 5 # Set the time in seconds that the server will wait for a response from the
enable_resolv_search_opt: true # If true, use search option in the resolv.conf file in DNS lookups.
ssl:
enable: true
listen: # APISIX listening port for HTTPS traffic.
- port: 9443
enable_http2: true
ssl_protocols: TLSv1.2 TLSv1.3 # TLS versions supported.
ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_session_tickets: false # If true, session tickets are used for SSL/TLS connections.
enable_control: true # Control API
disable_sync_configuration_during_start: false # Safe exit. TO BE REMOVED.
data_encryption: # Data encryption settings.
enable_encrypt_fields: false # Whether enable encrypt fields specified in `encrypt_fields` in plugin schema.
keyring: # This field is used to encrypt the private key of SSL and the `encrypt_fields`
- qeddd145sfvddff3 # Set the encryption key for AES-128-CBC. It should be a hexadecimal string
- edd1c9f0985e76a2 # If not set, APISIX saves the original data into etcd.
events: # Event distribution module configuration
module: lua-resty-events # Sets the name of the events module used.
nginx_config: # Config for render the template to generate nginx.conf
error_log: logs/error.log # Location of the error log.
error_log_level: warn # Logging level: info, debug, notice, warn, error, crit, alert, or emerg.
worker_processes: auto # Automatically determine the optimal number of worker processes based
enable_cpu_affinity: false # Disable CPU affinity by default as worker_cpu_affinity affects the
worker_rlimit_nofile: 20480 # The number of files a worker process can open.
worker_shutdown_timeout: 240s # Timeout for a graceful shutdown of worker processes.
max_pending_timers: 16384 # The maximum number of pending timers that can be active at any given time.
max_running_timers: 4096 # The maximum number of running timers that can be active at any given time.
event:
worker_connections: 10620
meta:
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
prometheus-metrics: 15m
stream:
enable_access_log: false # Enable stream proxy access logging.
access_log: logs/access_stream.log # Location of the stream access log.
access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html
access_log_format_escape: default # Escape default or json characters in variables.
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
etcd-cluster-health-check-stream: 10m
lrucache-lock-stream: 10m
plugin-limit-conn-stream: 10m
worker-events-stream: 10m
tars-stream: 1m
main_configuration_snippet: |
# Add custom Nginx main configuration to nginx.conf.
# The configuration should be well indented!
http_configuration_snippet: |
# Add custom Nginx http configuration to nginx.conf.
# The configuration should be well indented!
http_server_configuration_snippet: |
# Add custom Nginx http server configuration to nginx.conf.
# The configuration should be well indented!
http_server_location_configuration_snippet: |
# Add custom Nginx http server location configuration to nginx.conf.
# The configuration should be well indented!
http_admin_configuration_snippet: |
# Add custom Nginx admin server configuration to nginx.conf.
# The configuration should be well indented!
http_end_configuration_snippet: |
# Add custom Nginx http end configuration to nginx.conf.
# The configuration should be well indented!
stream_configuration_snippet: |
# Add custom Nginx stream configuration to nginx.conf.
# The configuration should be well indented!
http:
enable_access_log: true # Enable HTTP proxy access logging.
access_log: logs/access.log # Location of the access log.
access_log_buffer: 16384 # buffer size of access log.
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
access_log_format_escape: default # Escape default or json characters in variables.
keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
client_header_timeout: 60s # Set the maximum time waiting for client to send the entire HTTP
client_body_timeout: 60s # Set the maximum time waiting for client to send the request body.
client_max_body_size: 0 # Set the maximum allowed size of the client request body.
send_timeout: 10s # Set the maximum time for transmitting a response to the client before closing.
underscores_in_headers: "on" # Allow HTTP request headers to contain underscores in their names.
real_ip_header: X-Real-IP # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- "unix:"
proxy_ssl_server_name: true # Send the server name in the SNI extension when establishing an SSL/TLS
upstream:
keepalive: 320 # Set the maximum time of keep-alive connections to the upstream servers.
keepalive_requests: 1000 # Set the maximum number of requests that can be served through one
keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
charset: utf-8 # Add the charset to the "Content-Type" response header field.
variables_hash_max_size: 2048 # Set the maximum size of the variables hash table.
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
internal-status: 10m
plugin-limit-req: 10m
plugin-limit-count: 10m
prometheus-metrics: 10m
plugin-limit-conn: 10m
upstream-healthcheck: 10m
worker-events: 10m
lrucache-lock: 10m
balancer-ewma: 10m
balancer-ewma-locks: 10m
balancer-ewma-last-touched-at: 10m
plugin-limit-count-redis-cluster-slot-lock: 1m
tracing_buffer: 10m
plugin-api-breaker: 10m
etcd-cluster-health-check: 10m
discovery: 1m
jwks: 1m
introspection: 10m
access-tokens: 1m
ext-plugin: 1m
tars: 1m
cas-auth: 10m
ocsp-stapling: 10m
graphql:
max_size: 1048576 # Set the maximum size limitation of graphql in bytes. Default to 1MiB.
plugins: # plugin list (sorted by priority)
- real-ip # priority: 23000
- ai # priority: 22900
- client-control # priority: 22000
- proxy-control # priority: 21990
- request-id # priority: 12015
- zipkin # priority: 12011
#- skywalking # priority: 12010
#- opentelemetry # priority: 12009
- ext-plugin-pre-req # priority: 12000
- fault-injection # priority: 11000
- mocking # priority: 10900
- serverless-pre-function # priority: 10000
#- batch-requests # priority: 4010
- cors # priority: 4000
- ip-restriction # priority: 3000
- ua-restriction # priority: 2999
- referer-restriction # priority: 2990
- csrf # priority: 2980
- uri-blocker # priority: 2900
- request-validation # priority: 2800
- chaitin-waf # priority: 2700
- multi-auth # priority: 2600
- openid-connect # priority: 2599
- cas-auth # priority: 2597
- authz-casbin # priority: 2560
- authz-casdoor # priority: 2559
- wolf-rbac # priority: 2555
- ldap-auth # priority: 2540
- hmac-auth # priority: 2530
- basic-auth # priority: 2520
- jwt-auth # priority: 2510
- jwe-decrypt # priority: 2509
- key-auth # priority: 2500
- consumer-restriction # priority: 2400
- forward-auth # priority: 2002
- opa # priority: 2001
- authz-keycloak # priority: 2000
#- error-log-logger # priority: 1091
- proxy-cache # priority: 1085
- body-transformer # priority: 1080
- proxy-mirror # priority: 1010
- proxy-rewrite # priority: 1008
- workflow # priority: 1006
- api-breaker # priority: 1005
- limit-conn # priority: 1003
- limit-count # priority: 1002
- limit-req # priority: 1001
#- node-status # priority: 1000
#- brotli # priority: 996
- gzip # priority: 995
- server-info # priority: 990
- traffic-split # priority: 966
- redirect # priority: 900
- response-rewrite # priority: 899
- degraphql # priority: 509
- kafka-proxy # priority: 508
#- dubbo-proxy # priority: 507
- grpc-transcode # priority: 506
- grpc-web # priority: 505
- http-dubbo # priority: 504
- public-api # priority: 501
- prometheus # priority: 500
- datadog # priority: 495
- loki-logger # priority: 414
- elasticsearch-logger # priority: 413
- echo # priority: 412
- loggly # priority: 411
- http-logger # priority: 410
- splunk-hec-logging # priority: 409
- skywalking-logger # priority: 408
- google-cloud-logging # priority: 407
- sls-logger # priority: 406
- tcp-logger # priority: 405
- kafka-logger # priority: 403
- rocketmq-logger # priority: 402
- syslog # priority: 401
- udp-logger # priority: 400
- file-logger # priority: 399
- clickhouse-logger # priority: 398
- tencent-cloud-cls # priority: 397
- inspect # priority: 200
#- log-rotate # priority: 100
# <- recommend to use priority (0, 100) for your custom plugins
- example-plugin # priority: 0
#- gm # priority: -43
#- ocsp-stapling # priority: -44
- aws-lambda # priority: -1899
- azure-functions # priority: -1900
- openwhisk # priority: -1901
- openfunction # priority: -1902
- serverless-post-function # priority: -2000
- ext-plugin-post-req # priority: -3000
- ext-plugin-post-resp # priority: -4000
stream_plugins: # stream plugin list (sorted by priority)
- ip-restriction # priority: 3000
- limit-conn # priority: 1003
- mqtt-proxy # priority: 1000
#- prometheus # priority: 500
- syslog # priority: 401
# <- recommend to use priority (0, 100) for your custom plugins
plugin_attr: # Plugin attributes
log-rotate: # Plugin: log-rotate
timeout: 10000 # maximum wait time for a log rotation(unit: millisecond)
interval: 3600 # Set the log rotate interval in seconds.
max_kept: 168 # Set the maximum number of log files to keep. If exceeded, historic logs are deleted.
max_size: -1 # Set the maximum size of log files in bytes before a rotation.
# Skip size check if max_size is less than 0.
enable_compression: false # Enable log file compression (gzip).
skywalking: # Plugin: skywalking
service_name: APISIX # Set the service name for SkyWalking reporter.
service_instance_name: APISIX Instance Name # Set the service instance name for SkyWalking reporter.
endpoint_addr: http://127.0.0.1:12800 # Set the SkyWalking HTTP endpoint.
report_interval: 3 # Set the reporting interval in second.
opentelemetry: # Plugin: opentelemetry
trace_id_source: x-request-id # Specify the source of the trace ID for OpenTelemetry traces.
resource:
service.name: APISIX # Set the service name for OpenTelemetry traces.
collector:
address: 127.0.0.1:4318 # Set the address of the OpenTelemetry collector to send traces to.
request_timeout: 3 # Set the timeout for requests to the OpenTelemetry collector in seconds.
request_headers: # Set the headers to include in requests to the OpenTelemetry collector.
Authorization: token # Set the authorization header to include an access token.
batch_span_processor:
drop_on_queue_full: false # Drop spans when the export queue is full.
max_queue_size: 1024 # Set the maximum size of the span export queue.
batch_timeout: 2 # Set the timeout for span batches to wait in the export queue before
# being sent.
inactive_timeout: 1 # Set the timeout for spans to wait in the export queue before being sent,
# if the queue is not full.
max_export_batch_size: 16 # Set the maximum number of spans to include in each batch sent to the
set_ngx_var: false # export opentelemetry variables to nginx variables
# OpenTelemetry collector.
prometheus: # Plugin: prometheus
export_uri: /apisix/prometheus/metrics # Set the URI for the Prometheus metrics endpoint.
metric_prefix: apisix_ # Set the prefix for Prometheus metrics generated by APISIX.
enable_export_server: true # Enable the Prometheus export server.
export_addr: # Set the address for the Prometheus export server.
ip: 127.0.0.1 # Set the IP.
port: 9091 # Set the port.
# metrics: # Create extra labels from nginx variables: https://nginx.org/en/docs/varindex.html
# http_status:
# extra_labels:
# - upstream_addr: $upstream_addr
# - status: $upstream_status # The label name does not need to be the same as the variable name.
# http_latency:
# extra_labels:
# - upstream_addr: $upstream_addr
# bandwidth:
# extra_labels:
# - upstream_addr: $upstream_addr
# default_buckets:
# - 10
# - 50
# - 100
# - 200
# - 500
server-info: # Plugin: server-info
report_ttl: 60 # Set the TTL in seconds for server info in etcd.
# Maximum: 86400. Minimum: 3.
dubbo-proxy: # Plugin: dubbo-proxy
upstream_multiplex_count: 32 # Set the maximum number of connections that can be multiplexed over
# a single network connection between the Dubbo Proxy and the upstream
# Dubbo services.
proxy-mirror: # Plugin: proxy-mirror
timeout: # Set the timeout for mirrored requests.
connect: 60s
read: 60s
send: 60s
# redirect: # Plugin: redirect
# https_port: 8443 # Set the default port used to redirect HTTP to HTTPS.
inspect: # Plugin: inspect
delay: 3 # Set the delay in seconds for the frequency of checking the hooks file.
hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua" # Set the path to the Lua file that defines
# hooks. Only administrators should have
# write access to this file for security.
zipkin: # Plugin: zipkin
set_ngx_var: false # export zipkin variables to nginx variables
deployment: # Deployment configurations
role: traditional # Set deployment mode: traditional, control_plane, or data_plane.
role_traditional:
config_provider: etcd # Set the configuration center.
#role_data_plane: # Set data plane details if role is data_plane.
# config_provider: etcd # Set the configuration center: etcd, xds, or yaml.
#role_control_plane: # Set control plane details if role is control_plane.
# config_provider: etcd # Set the configuration center.
admin: # Admin API
admin_key_required: true # Enable Admin API authentication by default for security.
admin_key:
- name: admin # admin: write access to configurations.
key: ${{APISIX_ADMIN_KEY}} # Set API key for the admin of Admin API.
role: admin
- name: viewer # viewer: read-only to configurations.
key: ${{APISIX_VIEWER_KEY}} # Set API key for the viewer of Admin API.
role: viewer
enable_admin_cors: true # Enable Admin API CORS response header `Access-Control-Allow-Origin`.
allow_admin: # Limit Admin API access by IP addresses.
- 127.0.0.0/24 # If not set, any IP address is allowed.
# - "::/64"
admin_listen: # Set the Admin API listening addresses.
ip: 0.0.0.0 # Set listening IP.
port: 9180 # Set listening port. Beware of port conflict with node_listen.
admin_api_version: v3 # Set the version of Admin API (latest: v3).
etcd:
host: # Set etcd address(es) in the same etcd cluster.
- ${{APISIX_ETCD_URL}} # If TLS is enabled for etcd, use https://127.0.0.1:2379.
prefix: /apisix # Set etcd prefix.
timeout: 30 # The timeout when connect/read/write to etcd, Set timeout in seconds.
watch_timeout: 50 # The timeout when watch etcd
startup_retry: 2 # Set the number of retries to etcd on startup. Default to 2.
tls:
verify: false

View File

@ -0,0 +1,12 @@
# log options
log_level: "info"
log_output: "stderr"
http_listen: ":8080"
enable_profiling: true
apisix_resource_sync_interval: 1h
kubernetes:
kubeconfig: ""
resync_interval: "6h"
apisix:
default_cluster_base_url: "{{ .APISIX_ADMIN_URL }}"
default_cluster_admin_key: "{{ .APISIX_ADMIN_KEY }}"

View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/apache/apisix-ingress-controller/samples/deploy?ref=v1.8.0
patches:
- path: patches/ingress-controller.yaml

View File

@ -0,0 +1,24 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-controller
spec:
replicas: 3
template:
spec:
containers:
- name: ingress-controller
image: "apache/apisix-ingress-controller:1.8.0"
envFrom:
- configMapRef:
name: apisix-env-config
- secretRef:
name: apisix-senstitive
initContainers:
- name: wait-apisix-admin
command:
- sh
- -c
- until nc -z apisix-admin 9180 ; do echo waiting for apisix-admin; sleep 2; done;
image: busybox:1.28
imagePullPolicy: IfNotPresent

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: ingress-apisix