diff --git a/base/apisix/kustomization.yaml b/base/apisix/kustomization.yaml
new file mode 100644
index 0000000..beb431b
--- /dev/null
+++ b/base/apisix/kustomization.yaml
@@ -0,0 +1,32 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ingress-apisix
+
+resources:
+- resources/namespace.yaml
+- resources/etcd
+- resources/apisix-deployment.yaml
+- resources/apisix-svc.yaml
+- resources/apisix-dashboard
+- resources/ingress-controller
+
+configMapGenerator:
+- name: apisix-config
+ files:
+ - resources/files/apisix-config.yaml
+- name: apisix-env-config
+ literals:
+ - APISIX_NODE_LISTEN="9080"
+ - APISIX_PORT_ADMIN="9180"
+ - APISIX_ETCD_URL="http://etcd-server:2379"
+ - APISIX_ADMIN_URL="http://apisix-admin:9180/apisix/admin"
+- name: apisix-ingress-cm
+ behavior: replace
+ files:
+ - config.yaml=resources/files/apisix-ic-config.yaml
+
+secretGenerator:
+- name: apisix-senstitive
+ literals:
+ - APISIX_ADMIN_KEY="iom4ahdohzohzi4zoothug7iePhaLoijiequaacaiJeye"
+ - APISIX_VIEWER_KEY="jah9ahquu8ohvaZ6iiQu9aeNie3uchie5goo4Fii8leif"
diff --git a/base/apisix/resources/apisix-dashboard/files/dashboard.yaml b/base/apisix/resources/apisix-dashboard/files/dashboard.yaml
new file mode 100644
index 0000000..669d540
--- /dev/null
+++ b/base/apisix/resources/apisix-dashboard/files/dashboard.yaml
@@ -0,0 +1,20 @@
+conf:
+ listen:
+ host: 0.0.0.0
+ port: 9000
+ etcd:
+ prefix: "/apisix"
+ endpoints:
+ - etcd-server:2379
+ log:
+ error_log:
+ level: debug
+ file_path: /dev/stderr
+ access_log:
+ file_path: /dev/stdout
+authentication:
+ secret: secret
+ expire_time: 3600
+ users:
+ - username: admin
+ password: to4jo6vuaZ8Iehohch2deeN6LeaghohChe
diff --git a/base/apisix/resources/apisix-dashboard/kustomization.yaml b/base/apisix/resources/apisix-dashboard/kustomization.yaml
new file mode 100644
index 0000000..972047e
--- /dev/null
+++ b/base/apisix/resources/apisix-dashboard/kustomization.yaml
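Review bot: The `secretGenerator` at the end of this hunk commits live Admin API credentials (`APISIX_ADMIN_KEY`, `APISIX_VIEWER_KEY`) as literals in a base that every clone and every overlay inherits, and the dashboard's `secretGenerator` in `resources/apisix-dashboard/kustomization.yaml` does the same with `APISIX_DASHBOARD_ADMIN_PASSWORD`. Build the Secret from an untracked file or an external secret source and keep only the name here, e.g. `- name: apisix-senstitive` / `  envs:` / `  - secrets/apisix.env`, and rotate both keys once this file has been pushed anywhere. The name `apisix-senstitive` is misspelled, but it is referenced consistently by `apisix-deployment.yaml` and the ingress-controller patch, so a rename has to touch all three files at once.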
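Review bot: `authentication.secret: secret` is the dashboard's JWT signing secret and this value is the upstream sample default, so it must be a random per-deployment value; with the default, a valid session token can be produced without the password. The admin credentials under `users` are also literal, and the password here differs from the `APISIX_DASHBOARD_ADMIN_PASSWORD` generated into the Secret in `apisix-dashboard/kustomization.yaml`; nothing on the page shows the dashboard reading those env vars, so the literal in this ConfigMap is the one that takes effect and the Secret is presumably unused. Move both values into the Secret and reference them from here if the dashboard's config loader supports env substitution (the gateway config in this commit uses `${{VAR}}`), otherwise serve the whole conf.yaml from the Secret instead of a ConfigMap. `error_log.level: debug` is also more verbose than a base should ship with.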
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- resources/service-account.yaml
+- resources/deployment.yaml
+- resources/service.yaml
+
+configMapGenerator:
+- name: apisix-dashboard
+ files:
+ - config.yaml=files/dashboard.yaml
+
+secretGenerator:
+- name: apisix-dashboard-sensitive
+ literals:
+ - APISIX_DASHBOARD_ADMIN_USERNAME="admin"
+ - APISIX_DASHBOARD_ADMIN_PASSWORD="shae9konga0ie0Ru"
diff --git a/base/apisix/resources/apisix-dashboard/resources/deployment.yaml b/base/apisix/resources/apisix-dashboard/resources/deployment.yaml
new file mode 100644
index 0000000..841cb1d
--- /dev/null
+++ b/base/apisix/resources/apisix-dashboard/resources/deployment.yaml
@@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: apisix + app.kubernetes.io/name: dashboard + app.kubernetes.io/version: 3.0.0 + name: apisix-dashboard +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: apisix + app.kubernetes.io/name: dashboard + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: apisix + app.kubernetes.io/name: dashboard + spec: + containers: + - name: dashboard + image: reg.cadoles.com/proxy_cache/apache/apisix-dashboard:3.0.0-alpine + imagePullPolicy: IfNotPresent + envFrom: + - secretRef: + name: apisix-dashboard-sensitive + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: http + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - containerPort: 9000 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: http + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /usr/local/apisix-dashboard/conf/conf.yaml + name: apisix-dashboard-config + subPath: config.yaml + restartPolicy: Always + serviceAccount: apisix-dashboard + serviceAccountName: apisix-dashboard + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 420 + name: apisix-dashboard + name: apisix-dashboard-config diff --git a/base/apisix/resources/apisix-dashboard/resources/service-account.yaml b/base/apisix/resources/apisix-dashboard/resources/service-account.yaml new file mode 100644 index 0000000..66eea5e --- /dev/null +++ b/base/apisix/resources/apisix-dashboard/resources/service-account.yaml 
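Review bot: `securityContext: {}` and `resources: {}` on the `dashboard` container leave the pod running as whatever user the image defaults to, with privilege escalation allowed, every capability retained and no CPU/memory bound; `apisix-deployment.yaml` and the `ingress-controller` patch later in this commit have the same gap (the first has no `securityContext` key at all). Nothing on the page shows which user the images run as, so `runAsNonRoot: true` may need an explicit `runAsUser` if an image defaults to root, and `readOnlyRootFilesystem` is left out below because the dashboard's write paths are not visible here. The request/limit sizes below are placeholders to tune, not measured values.
```yaml
      containers:
      - name: dashboard
        # … unchanged: image, imagePullPolicy, envFrom, probes, ports …
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            memory: 256Mi
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
          capabilities:
            drop:
            - ALL
        # … unchanged: volumeMounts …
```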
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: apisix
+ app.kubernetes.io/name: dashboard
+ app.kubernetes.io/version: 3.0.0
+ name: apisix-dashboard
diff --git a/base/apisix/resources/apisix-dashboard/resources/service.yaml b/base/apisix/resources/apisix-dashboard/resources/service.yaml
new file mode 100644
index 0000000..6384be6
--- /dev/null
+++ b/base/apisix/resources/apisix-dashboard/resources/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: apisix
+ app.kubernetes.io/name: dashboard
+ app.kubernetes.io/version: 3.0.0
+ name: apisix-dashboard
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: apisix
+ app.kubernetes.io/name: dashboard
+ sessionAffinity: None
+ type: ClusterIP
diff --git a/base/apisix/resources/apisix-deployment.yaml b/base/apisix/resources/apisix-deployment.yaml
new file mode 100644
index 0000000..9b2387e
--- /dev/null
+++ b/base/apisix/resources/apisix-deployment.yaml
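Review bot: The `apisix-dashboard` ServiceAccount gets a projected API token mounted into the dashboard pod by default, yet no Role or RoleBinding for it appears in this commit and the dashboard's config only points it at etcd, so the token is unused and only widens what a compromised dashboard process holds. Add `automountServiceAccountToken: false` at the top level of this ServiceAccount (or on the pod spec in `deployment.yaml`); if the account turns out to need the API server, the binding that grants it should live next to this file.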
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: apisix + labels: + app.kubernetes.io/name: apisix +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: apisix + template: + metadata: + labels: + app.kubernetes.io/name: apisix + spec: + containers: + - name: apisix + image: "apache/apisix:3.2.2-debian" + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: apisix-env-config + - secretRef: + name: apisix-senstitive + ports: + - name: http + containerPort: 9080 + protocol: TCP + - name: tls + containerPort: 9443 + protocol: TCP + - name: admin + containerPort: 9180 + protocol: TCP + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 9080 + timeoutSeconds: 1 + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - "sleep 30" + volumeMounts: + - mountPath: /usr/local/apisix/conf/config.yaml + name: apisix-config + subPath: apisix-config.yaml + resources: {} + initContainers: + - name: wait-etcd + command: + - sh + - -c + - until nc -z etcd-server 2379; do echo waiting for etcd `date`; sleep 2; done; + image: busybox:1.28 + imagePullPolicy: IfNotPresent + volumes: + - name: apisix-config + configMap: + defaultMode: 420 + name: apisix-config diff --git a/base/apisix/resources/apisix-svc.yaml b/base/apisix/resources/apisix-svc.yaml new file mode 100644 index 0000000..25e6318 --- /dev/null +++ b/base/apisix/resources/apisix-svc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: apisix-admin + labels: + app.kubernetes.io/name: apisix +spec: + type: ClusterIP + ports: + - name: apisix-admin + port: 9180 + targetPort: 9180 + protocol: TCP + selector: + app.kubernetes.io/name: apisix diff --git a/base/apisix/resources/etcd/kustomization.yaml b/base/apisix/resources/etcd/kustomization.yaml new file mode 100644 index 0000000..01480d1 --- /dev/null +++ b/base/apisix/resources/etcd/kustomization.yaml 
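Review bot: The `preStop` hook sleeps 30 s while the pod keeps the default `terminationGracePeriodSeconds` of 30, and the grace period is counted from the start of the hook, so SIGTERM only reaches apisix after the budget is spent and the kubelet kills it with no graceful drain (the config in this commit sets `worker_shutdown_timeout: 240s`, which then never applies). Add `terminationGracePeriodSeconds: 60` (or larger) to the pod `spec` next to `initContainers`, or shorten the sleep. Two consistency points: the image is pulled straight from Docker Hub (`apache/apisix:3.2.2-debian`) while the dashboard goes through `reg.cadoles.com/proxy_cache/`, and the ingress-controller patch does the same as this file, so one image source for all three would be preferable; and `busybox:1.28` for the `wait-etcd` init container is an old tag, repeated in the ingress-controller patch.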
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/kustomhippie/etcd.git?ref=v2.0.2
+ #- https://github.com/kustomhippie/etcd.git//snapshot?ref=v2.0.2
+
+patches:
+ - path: patches/statefulset.yaml
diff --git a/base/apisix/resources/etcd/patches/statefulset.yaml b/base/apisix/resources/etcd/patches/statefulset.yaml
new file mode 100644
index 0000000..fef399a
--- /dev/null
+++ b/base/apisix/resources/etcd/patches/statefulset.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: StatefulSet
+
+metadata:
+ name: etcd-server
+
+spec:
+ replicas: 3
diff --git a/base/apisix/resources/files/apisix-config-old.yaml b/base/apisix/resources/files/apisix-config-old.yaml
new file mode 100644
index 0000000..78856ae
--- /dev/null
+++ b/base/apisix/resources/files/apisix-config-old.yaml
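Review bot: The remote base is pinned with `?ref=v2.0.2`, a git tag that can be moved or re-tagged upstream; kustomize accepts a commit SHA in `ref=`, which makes the build reproducible and makes a changed base visible in review — the same applies to `?ref=v1.8.0` in `ingress-controller/kustomization.yaml`. Whether this base turns on client authentication or TLS for etcd is not visible here, but `apisix-config.yaml` and `dashboard.yaml` in this commit reach it over plain `http://etcd-server:2379` with no credentials, so presumably every route, upstream and certificate APISIX stores is readable and writable by anything in the namespace that can open port 2379; a NetworkPolicy restricting 2379 to the apisix and dashboard pods would be the minimum until etcd auth is configured.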
@@ -0,0 +1,97 @@ +apisix: + node_listen: ${{APISIX_NODE_LISTEN}} # APISIX listening port + enable_heartbeat: true + enable_admin: true + enable_admin_cors: true + enable_debug: false + enable_dev_mode: false # when set to true, sets Nginx worker_processes to 1 + enable_reuseport: true # when set to true, enables nginx SO_REUSEPORT switch + enable_ipv6: true + config_center: etcd # use etcd to store configuration + + allow_admin: # see: http://nginx.org/en/docs/http/ngx_http_access_module.html#allow + - 0.0.0.0/0 + port_admin: ${{APISIX_PORT_ADMIN}} + + # default token used when calling the Admin API + # it is recommended to modify this value in production + # when disabled, Admin API won't require any authentication + admin_key: + # admin: full access to configuration data + - name: "admin" + key: edd1c9f034335f136f87ad84b625c8f1 + role: admin + # viewer: can only view the configuration data + - name: "viewer" + key: 4054f7cf07e344346cd3f287985e76a2 + role: viewer + # dns_resolver: + # - 127.0.0.1 + dns_resolver_valid: 30 + resolver_timeout: 5 + +nginx_config: # template configuration to generate nginx.conf + error_log: "/dev/stderr" + error_log_level: "warn" # warn, error + worker_rlimit_nofile: 20480 # number of files a worker process can open. 
Should be larger than worker_connections + event: + worker_connections: 10620 + http: + access_log: "/dev/stdout" + keepalive_timeout: 60s # timeout for which a keep-alive client connection will stay open on the server side + client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client + client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client + send_timeout: 10s # timeout for transmitting a response to the client, then the connection is closed + underscores_in_headers: "on" # enables the use of underscores in client request header fields + real_ip_header: "X-Real-IP" # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header + real_ip_from: # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from + - 127.0.0.1 + - 'unix:' + +etcd: + host: + - ${{APISIX_ETCD_URL}} + prefix: "/apisix" # APISIX configurations prefix + timeout: 30 # in seconds +plugins: # list of APISIX Plugins +- api-breaker +- authz-keycloak +- basic-auth +- batch-requests +- consumer-restriction +- cors +- echo +- fault-injection +- grpc-transcode +- hmac-auth +- http-logger +- ip-restriction +- jwt-auth +- kafka-logger +- key-auth +- limit-conn +- limit-count +- limit-req +- node-status +- openid-connect +- prometheus +- proxy-cache +- proxy-mirror +- proxy-rewrite +- redirect +- referer-restriction +- request-id +- request-validation +- response-rewrite +- serverless-post-function +- serverless-pre-function +- sls-logger +- syslog +- tcp-logger +- udp-logger +- uri-blocker +- wolf-rbac +- zipkin +- traffic-split +stream_plugins: +- mqtt-proxy diff --git a/base/apisix/resources/files/apisix-config.yaml b/base/apisix/resources/files/apisix-config.yaml new file mode 100644 index 0000000..cb5d97b --- /dev/null +++ b/base/apisix/resources/files/apisix-config.yaml 
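Review bot: This file is not referenced by `base/apisix/kustomization.yaml` (its `configMapGenerator` loads `apisix-config.yaml`), so it is dead configuration, and it carries the upstream default Admin API keys (`edd1c9f034335f136f87ad84b625c8f1`, `4054f7cf07e344346cd3f287985e76a2`) together with `allow_admin: - 0.0.0.0/0`; if it is ever swapped back in, the Admin API accepts the published defaults from any address. Drop the file from the commit and rely on git history, or at least delete the `admin_key` entries and the `0.0.0.0/0` allow-list before it lands. The hunk begins on the previous line.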
@@ -0,0 +1,380 @@ +apisix: + node_listen: # APISIX listening ports. + - ${{APISIX_NODE_LISTEN}} + enable_admin: true # Admin API + enable_dev_mode: false # If true, set nginx `worker_processes` to 1. + enable_reuseport: true # If true, enable nginx SO_REUSEPORT option. + show_upstream_status_in_response_header: false # If true, include the upstream HTTP status code in + enable_ipv6: false + enable_server_tokens: true # If true, show APISIX version in the `Server` response header. + extra_lua_path: "" # Extend lua_package_path to load third-party code. + extra_lua_cpath: "" # Extend lua_package_cpath to load third-party code. + proxy_cache: # Proxy Caching configuration + cache_ttl: 10s # The default caching time on disk if the upstream does not specify a caching time. + zones: + - name: disk_cache_one # Name of the cache. + memory_size: 50m # Size of the memory to store the cache index. + disk_size: 1G # Size of the disk to store the cache data. + disk_path: /tmp/disk_cache_one # Path to the cache file for disk cache. + cache_levels: 1:2 # Cache hierarchy levels of disk cache. + - name: memory_cache + memory_size: 50m + + delete_uri_tail_slash: false # Delete the '/' at the end of the URI + normalize_uri_like_servlet: false # If true, use the same path normalization rules as the Java + + router: + http: radixtree_host_uri # radixtree_host_uri: match route by host and URI + ssl: radixtree_sni # radixtree_sni: match route by SNI + + proxy_mode: http + resolver_timeout: 5 # Set the time in seconds that the server will wait for a response from the + enable_resolv_search_opt: true # If true, use search option in the resolv.conf file in DNS lookups. + + ssl: + enable: true + listen: # APISIX listening port for HTTPS traffic. + - port: 9443 + enable_http2: true + ssl_protocols: TLSv1.2 TLSv1.3 # TLS versions supported. 
+ ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl_session_tickets: false # If true, session tickets are used for SSL/TLS connections. + + enable_control: true # Control API + + disable_sync_configuration_during_start: false # Safe exit. TO BE REMOVED. + + data_encryption: # Data encryption settings. + enable_encrypt_fields: false # Whether enable encrypt fields specified in `encrypt_fields` in plugin schema. + keyring: # This field is used to encrypt the private key of SSL and the `encrypt_fields` + - qeddd145sfvddff3 # Set the encryption key for AES-128-CBC. It should be a hexadecimal string + - edd1c9f0985e76a2 # If not set, APISIX saves the original data into etcd. + + events: # Event distribution module configuration + module: lua-resty-events # Sets the name of the events module used. + +nginx_config: # Config for render the template to generate nginx.conf + error_log: logs/error.log # Location of the error log. + error_log_level: warn # Logging level: info, debug, notice, warn, error, crit, alert, or emerg. + worker_processes: auto # Automatically determine the optimal number of worker processes based + enable_cpu_affinity: false # Disable CPU affinity by default as worker_cpu_affinity affects the + worker_rlimit_nofile: 20480 # The number of files a worker process can open. + worker_shutdown_timeout: 240s # Timeout for a graceful shutdown of worker processes. + + max_pending_timers: 16384 # The maximum number of pending timers that can be active at any given time. + max_running_timers: 4096 # The maximum number of running timers that can be active at any given time. + + event: + worker_connections: 10620 + + meta: + lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k. 
+ prometheus-metrics: 15m + + stream: + enable_access_log: false # Enable stream proxy access logging. + access_log: logs/access_stream.log # Location of the stream access log. + access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html + access_log_format_escape: default # Escape default or json characters in variables. + lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k. + etcd-cluster-health-check-stream: 10m + lrucache-lock-stream: 10m + plugin-limit-conn-stream: 10m + worker-events-stream: 10m + tars-stream: 1m + main_configuration_snippet: | + # Add custom Nginx main configuration to nginx.conf. + # The configuration should be well indented! + http_configuration_snippet: | + # Add custom Nginx http configuration to nginx.conf. + # The configuration should be well indented! + http_server_configuration_snippet: | + # Add custom Nginx http server configuration to nginx.conf. + # The configuration should be well indented! + http_server_location_configuration_snippet: | + # Add custom Nginx http server location configuration to nginx.conf. + # The configuration should be well indented! + http_admin_configuration_snippet: | + # Add custom Nginx admin server configuration to nginx.conf. + # The configuration should be well indented! + http_end_configuration_snippet: | + # Add custom Nginx http end configuration to nginx.conf. + # The configuration should be well indented! + stream_configuration_snippet: | + # Add custom Nginx stream configuration to nginx.conf. + # The configuration should be well indented! + + http: + enable_access_log: true # Enable HTTP proxy access logging. + access_log: logs/access.log # Location of the access log. + access_log_buffer: 16384 # buffer size of access log. 
+ access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\"" + access_log_format_escape: default # Escape default or json characters in variables. + keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive. + client_header_timeout: 60s # Set the maximum time waiting for client to send the entire HTTP + client_body_timeout: 60s # Set the maximum time waiting for client to send the request body. + client_max_body_size: 0 # Set the maximum allowed size of the client request body. + send_timeout: 10s # Set the maximum time for transmitting a response to the client before closing. + underscores_in_headers: "on" # Allow HTTP request headers to contain underscores in their names. + real_ip_header: X-Real-IP # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header + real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive + real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from + - 127.0.0.1 + - "unix:" + proxy_ssl_server_name: true # Send the server name in the SNI extension when establishing an SSL/TLS + + upstream: + keepalive: 320 # Set the maximum time of keep-alive connections to the upstream servers. + keepalive_requests: 1000 # Set the maximum number of requests that can be served through one + keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive. + charset: utf-8 # Add the charset to the "Content-Type" response header field. + variables_hash_max_size: 2048 # Set the maximum size of the variables hash table. + + lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k. 
+ internal-status: 10m + plugin-limit-req: 10m + plugin-limit-count: 10m + prometheus-metrics: 10m + plugin-limit-conn: 10m + upstream-healthcheck: 10m + worker-events: 10m + lrucache-lock: 10m + balancer-ewma: 10m + balancer-ewma-locks: 10m + balancer-ewma-last-touched-at: 10m + plugin-limit-count-redis-cluster-slot-lock: 1m + tracing_buffer: 10m + plugin-api-breaker: 10m + etcd-cluster-health-check: 10m + discovery: 1m + jwks: 1m + introspection: 10m + access-tokens: 1m + ext-plugin: 1m + tars: 1m + cas-auth: 10m + ocsp-stapling: 10m + +graphql: + max_size: 1048576 # Set the maximum size limitation of graphql in bytes. Default to 1MiB. + +plugins: # plugin list (sorted by priority) +- real-ip # priority: 23000 +- ai # priority: 22900 +- client-control # priority: 22000 +- proxy-control # priority: 21990 +- request-id # priority: 12015 +- zipkin # priority: 12011 +#- skywalking # priority: 12010 +#- opentelemetry # priority: 12009 +- ext-plugin-pre-req # priority: 12000 +- fault-injection # priority: 11000 +- mocking # priority: 10900 +- serverless-pre-function # priority: 10000 +#- batch-requests # priority: 4010 +- cors # priority: 4000 +- ip-restriction # priority: 3000 +- ua-restriction # priority: 2999 +- referer-restriction # priority: 2990 +- csrf # priority: 2980 +- uri-blocker # priority: 2900 +- request-validation # priority: 2800 +- chaitin-waf # priority: 2700 +- multi-auth # priority: 2600 +- openid-connect # priority: 2599 +- cas-auth # priority: 2597 +- authz-casbin # priority: 2560 +- authz-casdoor # priority: 2559 +- wolf-rbac # priority: 2555 +- ldap-auth # priority: 2540 +- hmac-auth # priority: 2530 +- basic-auth # priority: 2520 +- jwt-auth # priority: 2510 +- jwe-decrypt # priority: 2509 +- key-auth # priority: 2500 +- consumer-restriction # priority: 2400 +- forward-auth # priority: 2002 +- opa # priority: 2001 +- authz-keycloak # priority: 2000 +#- error-log-logger # priority: 1091 +- proxy-cache # priority: 1085 +- body-transformer # 
priority: 1080 +- proxy-mirror # priority: 1010 +- proxy-rewrite # priority: 1008 +- workflow # priority: 1006 +- api-breaker # priority: 1005 +- limit-conn # priority: 1003 +- limit-count # priority: 1002 +- limit-req # priority: 1001 +#- node-status # priority: 1000 +#- brotli # priority: 996 +- gzip # priority: 995 +- server-info # priority: 990 +- traffic-split # priority: 966 +- redirect # priority: 900 +- response-rewrite # priority: 899 +- degraphql # priority: 509 +- kafka-proxy # priority: 508 +#- dubbo-proxy # priority: 507 +- grpc-transcode # priority: 506 +- grpc-web # priority: 505 +- http-dubbo # priority: 504 +- public-api # priority: 501 +- prometheus # priority: 500 +- datadog # priority: 495 +- loki-logger # priority: 414 +- elasticsearch-logger # priority: 413 +- echo # priority: 412 +- loggly # priority: 411 +- http-logger # priority: 410 +- splunk-hec-logging # priority: 409 +- skywalking-logger # priority: 408 +- google-cloud-logging # priority: 407 +- sls-logger # priority: 406 +- tcp-logger # priority: 405 +- kafka-logger # priority: 403 +- rocketmq-logger # priority: 402 +- syslog # priority: 401 +- udp-logger # priority: 400 +- file-logger # priority: 399 +- clickhouse-logger # priority: 398 +- tencent-cloud-cls # priority: 397 +- inspect # priority: 200 +#- log-rotate # priority: 100 +# <- recommend to use priority (0, 100) for your custom plugins +- example-plugin # priority: 0 +#- gm # priority: -43 +#- ocsp-stapling # priority: -44 +- aws-lambda # priority: -1899 +- azure-functions # priority: -1900 +- openwhisk # priority: -1901 +- openfunction # priority: -1902 +- serverless-post-function # priority: -2000 +- ext-plugin-post-req # priority: -3000 +- ext-plugin-post-resp # priority: -4000 + +stream_plugins: # stream plugin list (sorted by priority) +- ip-restriction # priority: 3000 +- limit-conn # priority: 1003 +- mqtt-proxy # priority: 1000 +#- prometheus # priority: 500 +- syslog # priority: 401 +# <- recommend to use priority (0, 
100) for your custom plugins + +plugin_attr: # Plugin attributes + log-rotate: # Plugin: log-rotate + timeout: 10000 # maximum wait time for a log rotation(unit: millisecond) + interval: 3600 # Set the log rotate interval in seconds. + max_kept: 168 # Set the maximum number of log files to keep. If exceeded, historic logs are deleted. + max_size: -1 # Set the maximum size of log files in bytes before a rotation. + # Skip size check if max_size is less than 0. + enable_compression: false # Enable log file compression (gzip). + skywalking: # Plugin: skywalking + service_name: APISIX # Set the service name for SkyWalking reporter. + service_instance_name: APISIX Instance Name # Set the service instance name for SkyWalking reporter. + endpoint_addr: http://127.0.0.1:12800 # Set the SkyWalking HTTP endpoint. + report_interval: 3 # Set the reporting interval in second. + opentelemetry: # Plugin: opentelemetry + trace_id_source: x-request-id # Specify the source of the trace ID for OpenTelemetry traces. + resource: + service.name: APISIX # Set the service name for OpenTelemetry traces. + collector: + address: 127.0.0.1:4318 # Set the address of the OpenTelemetry collector to send traces to. + request_timeout: 3 # Set the timeout for requests to the OpenTelemetry collector in seconds. + request_headers: # Set the headers to include in requests to the OpenTelemetry collector. + Authorization: token # Set the authorization header to include an access token. + batch_span_processor: + drop_on_queue_full: false # Drop spans when the export queue is full. + max_queue_size: 1024 # Set the maximum size of the span export queue. + batch_timeout: 2 # Set the timeout for span batches to wait in the export queue before + # being sent. + inactive_timeout: 1 # Set the timeout for spans to wait in the export queue before being sent, + # if the queue is not full. 
+ max_export_batch_size: 16 # Set the maximum number of spans to include in each batch sent to the + set_ngx_var: false # export opentelemetry variables to nginx variables + # OpenTelemetry collector. + prometheus: # Plugin: prometheus + export_uri: /apisix/prometheus/metrics # Set the URI for the Prometheus metrics endpoint. + metric_prefix: apisix_ # Set the prefix for Prometheus metrics generated by APISIX. + enable_export_server: true # Enable the Prometheus export server. + export_addr: # Set the address for the Prometheus export server. + ip: 127.0.0.1 # Set the IP. + port: 9091 # Set the port. + # metrics: # Create extra labels from nginx variables: https://nginx.org/en/docs/varindex.html + # http_status: + # extra_labels: + # - upstream_addr: $upstream_addr + # - status: $upstream_status # The label name does not need to be the same as the variable name. + # http_latency: + # extra_labels: + # - upstream_addr: $upstream_addr + # bandwidth: + # extra_labels: + # - upstream_addr: $upstream_addr + # default_buckets: + # - 10 + # - 50 + # - 100 + # - 200 + # - 500 + server-info: # Plugin: server-info + report_ttl: 60 # Set the TTL in seconds for server info in etcd. + # Maximum: 86400. Minimum: 3. + dubbo-proxy: # Plugin: dubbo-proxy + upstream_multiplex_count: 32 # Set the maximum number of connections that can be multiplexed over + # a single network connection between the Dubbo Proxy and the upstream + # Dubbo services. + proxy-mirror: # Plugin: proxy-mirror + timeout: # Set the timeout for mirrored requests. + connect: 60s + read: 60s + send: 60s + # redirect: # Plugin: redirect + # https_port: 8443 # Set the default port used to redirect HTTP to HTTPS. + inspect: # Plugin: inspect + delay: 3 # Set the delay in seconds for the frequency of checking the hooks file. + hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua" # Set the path to the Lua file that defines + # hooks. Only administrators should have + # write access to this file for security. 
+ zipkin: # Plugin: zipkin + set_ngx_var: false # export zipkin variables to nginx variables + +deployment: # Deployment configurations + role: traditional # Set deployment mode: traditional, control_plane, or data_plane. + role_traditional: + config_provider: etcd # Set the configuration center. + + #role_data_plane: # Set data plane details if role is data_plane. + # config_provider: etcd # Set the configuration center: etcd, xds, or yaml. + + #role_control_plane: # Set control plane details if role is control_plane. + # config_provider: etcd # Set the configuration center. + + admin: # Admin API + admin_key_required: true # Enable Admin API authentication by default for security. + admin_key: + - name: admin # admin: write access to configurations. + key: ${{APISIX_ADMIN_KEY}} # Set API key for the admin of Admin API. + role: admin + - name: viewer # viewer: read-only to configurations. + key: ${{APISIX_VIEWER_KEY}} # Set API key for the viewer of Admin API. + role: viewer + + enable_admin_cors: true # Enable Admin API CORS response header `Access-Control-Allow-Origin`. + allow_admin: # Limit Admin API access by IP addresses. + - 127.0.0.0/24 # If not set, any IP address is allowed. + # - "::/64" + admin_listen: # Set the Admin API listening addresses. + ip: 0.0.0.0 # Set listening IP. + port: 9180 # Set listening port. Beware of port conflict with node_listen. + admin_api_version: v3 # Set the version of Admin API (latest: v3). + + etcd: + host: # Set etcd address(es) in the same etcd cluster. + - ${{APISIX_ETCD_URL}} # If TLS is enabled for etcd, use https://127.0.0.1:2379. + prefix: /apisix # Set etcd prefix. + timeout: 30 # The timeout when connect/read/write to etcd, Set timeout in seconds. + watch_timeout: 50 # The timeout when watch etcd + startup_retry: 2 # Set the number of retries to etcd on startup. Default to 2. + tls: + verify: false 
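Review bot: `deployment.admin.allow_admin` near the end of this hunk is `127.0.0.0/24`, but the only Admin API client in this commit is the ingress controller, which calls `http://apisix-admin:9180/apisix/admin` from its own pod IP (`APISIX_ADMIN_URL` in `kustomization.yaml`); with this allow-list those requests are rejected and the controller cannot sync routes. Replace the entry with the cluster's pod CIDR (placeholder: `- <POD_CIDR>`) rather than reopening it to `0.0.0.0/0` as `apisix-config-old.yaml` did. Two further items: `data_encryption.keyring` still holds the upstream sample values (`qeddd145sfvddff3`, `edd1c9f0985e76a2`), and per the comment beside it that keyring encrypts SSL private keys written to etcd, so it needs per-deployment values before any certificate is uploaded; and `etcd.tls.verify: false` is harmless with an `http://` URL today but will silently disable certificate checking the moment `APISIX_ETCD_URL` becomes `https://`. The hunk begins several lines earlier.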
diff --git a/base/apisix/resources/files/apisix-ic-config.yaml b/base/apisix/resources/files/apisix-ic-config.yaml
new file mode 100644
index 0000000..2679af6
--- /dev/null
+++ b/base/apisix/resources/files/apisix-ic-config.yaml
@@ -0,0 +1,12 @@
+# log options
+log_level: "info"
+log_output: "stderr"
+http_listen: ":8080"
+enable_profiling: true
+apisix_resource_sync_interval: 1h
+kubernetes:
+ kubeconfig: ""
+ resync_interval: "6h"
+apisix:
+ default_cluster_base_url: "{{ .APISIX_ADMIN_URL }}"
+ default_cluster_admin_key: "{{ .APISIX_ADMIN_KEY }}"
diff --git a/base/apisix/resources/ingress-controller/kustomization.yaml b/base/apisix/resources/ingress-controller/kustomization.yaml
new file mode 100644
index 0000000..3ec97e2
--- /dev/null
+++ b/base/apisix/resources/ingress-controller/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://github.com/apache/apisix-ingress-controller/samples/deploy?ref=v1.8.0
+
+patches:
+- path: patches/ingress-controller.yaml
diff --git a/base/apisix/resources/ingress-controller/patches/ingress-controller.yaml b/base/apisix/resources/ingress-controller/patches/ingress-controller.yaml
new file mode 100644
index 0000000..0758cfb
--- /dev/null
+++ b/base/apisix/resources/ingress-controller/patches/ingress-controller.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ingress-controller
+spec:
+ replicas: 3
+ template:
+ spec:
+ containers:
+ - name: ingress-controller
+ image: "apache/apisix-ingress-controller:1.8.0"
+ envFrom:
+ - configMapRef:
+ name: apisix-env-config
+ - secretRef:
+ name: apisix-senstitive
+ initContainers:
+ - name: wait-apisix-admin
+ command:
+ - sh
+ - -c
+ - until nc -z apisix-admin 9180 ; do echo waiting for apisix-admin; sleep 2; done;
+ image: busybox:1.28
+ imagePullPolicy: IfNotPresent
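Review bot: `enable_profiling: true` ships profiling on in a base; if this build exposes pprof on `http_listen: ":8080"` as the upstream controller does, heap and goroutine dumps of a process that holds the Admin key are served on the same port as its health and metrics endpoints to anything in the cluster that can reach it. Set `enable_profiling: false` here and let an overlay turn it on when a profile is actually needed. Routing `{{ .APISIX_ADMIN_KEY }}` through the `apisix-ingress-cm` ConfigMap is fine because only the placeholder lands in the ConfigMap, but the patch in this same commit hands the controller the whole `apisix-senstitive` Secret via `envFrom`, including `APISIX_VIEWER_KEY`, which it has no use for; a `secretKeyRef` for the one key would keep the viewer credential out of that pod.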
diff --git a/base/apisix/resources/namespace.yaml b/base/apisix/resources/namespace.yaml
new file mode 100644
index 0000000..07a0565
--- /dev/null
+++ b/base/apisix/resources/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress-apisix