39 changed files with 0 additions and 973 deletions
--- a/.gitmodules
+++ b/.gitmodules
--- a/base/apisix/kustomization.yaml
+++ b/base/apisix/kustomization.yaml
@ -1,32 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: ingress-apisix
 resources:
 - resources/namespace.yaml
 - resources/etcd
 - resources/apisix-deployment.yaml
 - resources/apisix-svc.yaml
 - resources/apisix-dashboard
 - resources/ingress-controller
 configMapGenerator:
 - name: apisix-config
  files:
  - resources/files/apisix-config.yaml
 - name: apisix-env-config
  literals:
  - APISIX_NODE_LISTEN="9080"
  - APISIX_PORT_ADMIN="9180"
  - APISIX_ETCD_URL="http://etcd-server:2379"
  - APISIX_ADMIN_URL="http://apisix-admin:9180/apisix/admin"
 - name: apisix-ingress-cm
  behavior: replace
  files:
  - config.yaml=resources/files/apisix-ic-config.yaml
 secretGenerator:
 - name: apisix-senstitive
  literals:
  - APISIX_ADMIN_KEY="iom4ahdohzohzi4zoothug7iePhaLoijiequaacaiJeye"
  - APISIX_VIEWER_KEY="jah9ahquu8ohvaZ6iiQu9aeNie3uchie5goo4Fii8leif"
--- a/base/apisix/resources/apisix-dashboard/files/dashboard.yaml
+++ b/base/apisix/resources/apisix-dashboard/files/dashboard.yaml
@ -1,20 +0,0 @@
 conf:
  listen:
    host: 0.0.0.0
    port: 9000
  etcd:
    prefix: "/apisix"
    endpoints:
    - etcd-server:2379
  log:
    error_log:
      level: debug
      file_path: /dev/stderr
    access_log:
      file_path: /dev/stdout
 authentication:
  secret: secret
  expire_time: 3600
  users:
  - username: admin
    password: to4jo6vuaZ8Iehohch2deeN6LeaghohChe
--- a/base/apisix/resources/apisix-dashboard/kustomization.yaml
+++ b/base/apisix/resources/apisix-dashboard/kustomization.yaml
@ -1,18 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - resources/service-account.yaml
 - resources/deployment.yaml
 - resources/service.yaml
 configMapGenerator:
 - name: apisix-dashboard
  files:
  - config.yaml=files/dashboard.yaml
 secretGenerator:
 - name: apisix-dashboard-sensitive
  literals:
  - APISIX_DASHBOARD_ADMIN_USERNAME="admin"
  - APISIX_DASHBOARD_ADMIN_PASSWORD="shae9konga0ie0Ru"
--- a/base/apisix/resources/apisix-dashboard/resources/deployment.yaml
+++ b/base/apisix/resources/apisix-dashboard/resources/deployment.yaml
@ -1,71 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: dashboard
    app.kubernetes.io/version: 3.0.0
  name: apisix-dashboard
 spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/instance: apisix
      app.kubernetes.io/name: dashboard
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: apisix
        app.kubernetes.io/name: dashboard
    spec:
      containers:
      - name: dashboard
        image: reg.cadoles.com/proxy_cache/apache/apisix-dashboard:3.0.0-alpine
        imagePullPolicy: IfNotPresent
        envFrom:
        - secretRef:
            name: apisix-dashboard-sensitive
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /ping
            port: http
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        ports:
        - containerPort: 9000
          name: http
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /ping
            port: http
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        securityContext: {}
        volumeMounts:
        - mountPath: /usr/local/apisix-dashboard/conf/conf.yaml
          name: apisix-dashboard-config
          subPath: config.yaml
      restartPolicy: Always
      serviceAccount: apisix-dashboard
      serviceAccountName: apisix-dashboard
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: apisix-dashboard
        name: apisix-dashboard-config
--- a/base/apisix/resources/apisix-dashboard/resources/service-account.yaml
+++ b/base/apisix/resources/apisix-dashboard/resources/service-account.yaml
@ -1,8 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: dashboard
    app.kubernetes.io/version: 3.0.0
  name: apisix-dashboard
--- a/base/apisix/resources/apisix-dashboard/resources/service.yaml
+++ b/base/apisix/resources/apisix-dashboard/resources/service.yaml
@ -1,19 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: dashboard
    app.kubernetes.io/version: 3.0.0
  name: apisix-dashboard
 spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: dashboard
  sessionAffinity: None
  type: ClusterIP
--- a/base/apisix/resources/apisix-deployment.yaml
+++ b/base/apisix/resources/apisix-deployment.yaml
@ -1,68 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: apisix
  labels:
    app.kubernetes.io/name: apisix
 spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: apisix
  template:
    metadata:
      labels:
        app.kubernetes.io/name: apisix
    spec:
      containers:
      - name: apisix
        image: "apache/apisix:3.2.2-debian"
        imagePullPolicy: IfNotPresent
        envFrom:
        - configMapRef:
            name: apisix-env-config
        - secretRef:
            name: apisix-senstitive
        ports:
        - name: http
          containerPort: 9080
          protocol: TCP
        - name: tls
          containerPort: 9443
          protocol: TCP
        - name: admin
          containerPort: 9180
          protocol: TCP
        readinessProbe:
          failureThreshold: 6
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          tcpSocket:
            port: 9080
          timeoutSeconds: 1
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - "sleep 30"
        volumeMounts:
        - mountPath: /usr/local/apisix/conf/config.yaml
          name: apisix-config
          subPath: apisix-config.yaml
        resources: {}
      initContainers:
      - name: wait-etcd
        command:
        - sh
        - -c
        - until nc -z etcd-server 2379; do echo waiting for etcd `date`; sleep 2; done;
        image: busybox:1.28
        imagePullPolicy: IfNotPresent
      volumes:
      - name: apisix-config
        configMap:
          defaultMode: 420
          name: apisix-config
--- a/base/apisix/resources/apisix-svc.yaml
+++ b/base/apisix/resources/apisix-svc.yaml
@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: apisix-admin
  labels:
    app.kubernetes.io/name: apisix
 spec:
  type: ClusterIP
  ports:
  - name: apisix-admin
    port: 9180
    targetPort: 9180
    protocol: TCP
  selector:
    app.kubernetes.io/name: apisix
--- a/base/apisix/resources/etcd/kustomization.yaml
+++ b/base/apisix/resources/etcd/kustomization.yaml
@ -1,9 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - https://github.com/kustomhippie/etcd.git?ref=v2.0.2 
    #- https://github.com/kustomhippie/etcd.git//snapshot?ref=v2.0.2 
 patches:
  - path: patches/statefulset.yaml
--- a/base/apisix/resources/etcd/patches/statefulset.yaml
+++ b/base/apisix/resources/etcd/patches/statefulset.yaml
@ -1,8 +0,0 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  name: etcd-server
 spec:
  replicas: 3
--- a/base/apisix/resources/files/apisix-config-old.yaml
+++ b/base/apisix/resources/files/apisix-config-old.yaml
@ -1,99 +0,0 @@
 apisix:
  node_listen: ${{APISIX_NODE_LISTEN}} # APISIX listening port
  enable_heartbeat: true
  enable_admin: true
  enable_admin_cors: true
  enable_debug: false
  enable_dev_mode: false # when set to true, sets Nginx worker_processes to 1
  enable_reuseport: true # when set to true, enables nginx SO_REUSEPORT switch
  enable_ipv6: true
  config_center: etcd # use etcd to store configuration
  allow_admin: # see: http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
  - 0.0.0.0/0
  port_admin: ${{APISIX_PORT_ADMIN}}
  # default token used when calling the Admin API
  # it is recommended to modify this value in production
  # when disabled, Admin API won't require any authentication
  admin_key:
  # admin: full access to configuration data
  - name: "admin"
    key: edd1c9f034335f136f87ad84b625c8f1
    role: admin
  # viewer: can only view the configuration data
  - name: "viewer"
    key: 4054f7cf07e344346cd3f287985e76a2
    role: viewer
  # dns_resolver:
  #   - 127.0.0.1
  dns_resolver_valid: 30
  resolver_timeout: 5
 nginx_config: # template configuration to generate nginx.conf
  error_log: "/dev/stderr"
  error_log_level: "warn" # warn, error
  worker_rlimit_nofile: 20480 # number of files a worker process can open. Should be larger than worker_connections
  event:
    worker_connections: 10620
  http:
    access_log: "/dev/stdout"
    keepalive_timeout: 60s # timeout for which a keep-alive client connection will stay open on the server side
    client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
    client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
    send_timeout: 10s # timeout for transmitting a response to the client, then the connection is closed
    underscores_in_headers: "on" # enables the use of underscores in client request header fields
    real_ip_header: "X-Real-IP" # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
    real_ip_from: # see: http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
    - 127.0.0.1
    - 'unix:'
 etcd:
  host:
  - ${{APISIX_ETCD_URL}}
  prefix: "/apisix" # APISIX configurations prefix
  timeout: 30 # in seconds
 plugins: # list of APISIX Plugins
 - api-breaker
 - authz-keycloak
 - basic-auth
 - batch-requests
 - consumer-restriction
 - cors
 - echo
 - fault-injection
 - grpc-transcode
 - hmac-auth
 - http-logger
 - ip-restriction
 - jwt-auth
 - kafka-logger
 - key-auth
 - limit-conn
 - limit-count
 - limit-req
 - node-status
 - openid-connect
 - prometheus
 - proxy-cache
 - proxy-mirror
 - proxy-rewrite
 - redirect
 - referer-restriction
 - request-id
 - request-validation
 - response-rewrite
 - serverless-post-function
 - serverless-pre-function
 - sls-logger
 - syslog
 - tcp-logger
 - udp-logger
 - uri-blocker
 - wolf-rbac
 - zipkin
 - traffic-split
 stream_plugins:
 - mqtt-proxy
--- a/base/apisix/resources/files/apisix-config.yaml
+++ b/base/apisix/resources/files/apisix-config.yaml
@ -1,380 +0,0 @@
 apisix:
  node_listen: # APISIX listening ports.
  - ${{APISIX_NODE_LISTEN}}
  enable_admin: true # Admin API
  enable_dev_mode: false # If true, set nginx `worker_processes` to 1.
  enable_reuseport: true # If true, enable nginx SO_REUSEPORT option.
  show_upstream_status_in_response_header: false # If true, include the upstream HTTP status code in
  enable_ipv6: false
  enable_server_tokens: true # If true, show APISIX version in the `Server` response header.
  extra_lua_path: "" # Extend lua_package_path to load third-party code.
  extra_lua_cpath: "" # Extend lua_package_cpath to load third-party code.
  proxy_cache: # Proxy Caching configuration
    cache_ttl: 10s # The default caching time on disk if the upstream does not specify a caching time.
    zones:
    - name: disk_cache_one # Name of the cache.
      memory_size: 50m # Size of the memory to store the cache index.
      disk_size: 1G # Size of the disk to store the cache data.
      disk_path: /tmp/disk_cache_one # Path to the cache file for disk cache.
      cache_levels: 1:2 # Cache hierarchy levels of disk cache.
    - name: memory_cache
      memory_size: 50m
  delete_uri_tail_slash: false # Delete the '/' at the end of the URI
  normalize_uri_like_servlet: false # If true, use the same path normalization rules as the Java
  router:
    http: radixtree_host_uri # radixtree_host_uri: match route by host and URI
    ssl: radixtree_sni # radixtree_sni: match route by SNI
  proxy_mode: http
  resolver_timeout: 5 # Set the time in seconds that the server will wait for a response from the
  enable_resolv_search_opt: true # If true, use search option in the resolv.conf file in DNS lookups.
  ssl:
    enable: true
    listen: # APISIX listening port for HTTPS traffic.
    - port: 9443
      enable_http2: true
    ssl_protocols: TLSv1.2 TLSv1.3 # TLS versions supported.
    ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl_session_tickets: false # If true, session tickets are used for SSL/TLS connections.
  enable_control: true # Control API
  disable_sync_configuration_during_start: false # Safe exit. TO BE REMOVED.
  data_encryption: # Data encryption settings.
    enable_encrypt_fields: false # Whether enable encrypt fields specified in `encrypt_fields` in plugin schema.
    keyring: # This field is used to encrypt the private key of SSL and the `encrypt_fields`
    - qeddd145sfvddff3 # Set the encryption key for AES-128-CBC. It should be a hexadecimal string
    - edd1c9f0985e76a2 # If not set, APISIX saves the original data into etcd.
  events: # Event distribution module configuration
    module: lua-resty-events # Sets the name of the events module used.
 nginx_config: # Config for render the template to generate nginx.conf
  error_log: logs/error.log # Location of the error log.
  error_log_level: warn # Logging level: info, debug, notice, warn, error, crit, alert, or emerg.
  worker_processes: auto # Automatically determine the optimal number of worker processes based
  enable_cpu_affinity: false # Disable CPU affinity by default as worker_cpu_affinity affects the
  worker_rlimit_nofile: 20480 # The number of files a worker process can open.
  worker_shutdown_timeout: 240s # Timeout for a graceful shutdown of worker processes.
  max_pending_timers: 16384 # The maximum number of pending timers that can be active at any given time.
  max_running_timers: 4096 # The maximum number of running timers that can be active at any given time.
  event:
    worker_connections: 10620
  meta:
    lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
      prometheus-metrics: 15m
  stream:
    enable_access_log: false # Enable stream proxy access logging.
    access_log: logs/access_stream.log # Location of the stream access log.
    access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html
    access_log_format_escape: default # Escape default or json characters in variables.
    lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
      etcd-cluster-health-check-stream: 10m
      lrucache-lock-stream: 10m
      plugin-limit-conn-stream: 10m
      worker-events-stream: 10m
      tars-stream: 1m
  main_configuration_snippet: |
    # Add custom Nginx main configuration to nginx.conf.
    # The configuration should be well indented!
  http_configuration_snippet: |
    # Add custom Nginx http configuration to nginx.conf.
    # The configuration should be well indented!
  http_server_configuration_snippet: |
    # Add custom Nginx http server configuration to nginx.conf.
    # The configuration should be well indented!
  http_server_location_configuration_snippet: |
    # Add custom Nginx http server location configuration to nginx.conf.
    # The configuration should be well indented!
  http_admin_configuration_snippet: |
    # Add custom Nginx admin server configuration to nginx.conf.
    # The configuration should be well indented!
  http_end_configuration_snippet: |
    # Add custom Nginx http end configuration to nginx.conf.
    # The configuration should be well indented!
  stream_configuration_snippet: |
    # Add custom Nginx stream configuration to nginx.conf.
    # The configuration should be well indented!
  http:
    enable_access_log: true # Enable HTTP proxy access logging.
    access_log: logs/access.log # Location of the access log.
    access_log_buffer: 16384 # buffer size of access log.
    access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
    access_log_format_escape: default # Escape default or json characters in variables.
    keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
    client_header_timeout: 60s # Set the maximum time waiting for client to send the entire HTTP
    client_body_timeout: 60s # Set the maximum time waiting for client to send the request body.
    client_max_body_size: 0 # Set the maximum allowed size of the client request body.
    send_timeout: 10s # Set the maximum time for transmitting a response to the client before closing.
    underscores_in_headers: "on" # Allow HTTP request headers to contain underscores in their names.
    real_ip_header: X-Real-IP # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
    real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
    real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
    - 127.0.0.1
    - "unix:"
    proxy_ssl_server_name: true # Send the server name in the SNI extension when establishing an SSL/TLS
    upstream:
      keepalive: 320 # Set the maximum time of keep-alive connections to the upstream servers.
      keepalive_requests: 1000 # Set the maximum number of requests that can be served through one
      keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
    charset: utf-8 # Add the charset to the "Content-Type" response header field.
    variables_hash_max_size: 2048 # Set the maximum size of the variables hash table.
    lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
      internal-status: 10m
      plugin-limit-req: 10m
      plugin-limit-count: 10m
      prometheus-metrics: 10m
      plugin-limit-conn: 10m
      upstream-healthcheck: 10m
      worker-events: 10m
      lrucache-lock: 10m
      balancer-ewma: 10m
      balancer-ewma-locks: 10m
      balancer-ewma-last-touched-at: 10m
      plugin-limit-count-redis-cluster-slot-lock: 1m
      tracing_buffer: 10m
      plugin-api-breaker: 10m
      etcd-cluster-health-check: 10m
      discovery: 1m
      jwks: 1m
      introspection: 10m
      access-tokens: 1m
      ext-plugin: 1m
      tars: 1m
      cas-auth: 10m
      ocsp-stapling: 10m
 graphql:
  max_size: 1048576 # Set the maximum size limitation of graphql in bytes. Default to 1MiB.
 plugins: # plugin list (sorted by priority)
 - real-ip # priority: 23000
 - ai # priority: 22900
 - client-control # priority: 22000
 - proxy-control # priority: 21990
 - request-id # priority: 12015
 - zipkin # priority: 12011
 #- skywalking                    # priority: 12010
 #- opentelemetry                 # priority: 12009
 - ext-plugin-pre-req # priority: 12000
 - fault-injection # priority: 11000
 - mocking # priority: 10900
 - serverless-pre-function # priority: 10000
 #- batch-requests                # priority: 4010
 - cors # priority: 4000
 - ip-restriction # priority: 3000
 - ua-restriction # priority: 2999
 - referer-restriction # priority: 2990
 - csrf # priority: 2980
 - uri-blocker # priority: 2900
 - request-validation # priority: 2800
 - chaitin-waf # priority: 2700
 - multi-auth # priority: 2600
 - openid-connect # priority: 2599
 - cas-auth # priority: 2597
 - authz-casbin # priority: 2560
 - authz-casdoor # priority: 2559
 - wolf-rbac # priority: 2555
 - ldap-auth # priority: 2540
 - hmac-auth # priority: 2530
 - basic-auth # priority: 2520
 - jwt-auth # priority: 2510
 - jwe-decrypt # priority: 2509
 - key-auth # priority: 2500
 - consumer-restriction # priority: 2400
 - forward-auth # priority: 2002
 - opa # priority: 2001
 - authz-keycloak # priority: 2000
 #- error-log-logger              # priority: 1091
 - proxy-cache # priority: 1085
 - body-transformer # priority: 1080
 - proxy-mirror # priority: 1010
 - proxy-rewrite # priority: 1008
 - workflow # priority: 1006
 - api-breaker # priority: 1005
 - limit-conn # priority: 1003
 - limit-count # priority: 1002
 - limit-req # priority: 1001
 #- node-status                   # priority: 1000
 #- brotli                        # priority: 996
 - gzip # priority: 995
 - server-info # priority: 990
 - traffic-split # priority: 966
 - redirect # priority: 900
 - response-rewrite # priority: 899
 - degraphql # priority: 509
 - kafka-proxy # priority: 508
 #- dubbo-proxy                   # priority: 507
 - grpc-transcode # priority: 506
 - grpc-web # priority: 505
 - http-dubbo # priority: 504
 - public-api # priority: 501
 - prometheus # priority: 500
 - datadog # priority: 495
 - loki-logger # priority: 414
 - elasticsearch-logger # priority: 413
 - echo # priority: 412
 - loggly # priority: 411
 - http-logger # priority: 410
 - splunk-hec-logging # priority: 409
 - skywalking-logger # priority: 408
 - google-cloud-logging # priority: 407
 - sls-logger # priority: 406
 - tcp-logger # priority: 405
 - kafka-logger # priority: 403
 - rocketmq-logger # priority: 402
 - syslog # priority: 401
 - udp-logger # priority: 400
 - file-logger # priority: 399
 - clickhouse-logger # priority: 398
 - tencent-cloud-cls # priority: 397
 - inspect # priority: 200
 #- log-rotate                    # priority: 100
 # <- recommend to use priority (0, 100) for your custom plugins
 - example-plugin # priority: 0
 #- gm                            # priority: -43
 #- ocsp-stapling                 # priority: -44
 - aws-lambda # priority: -1899
 - azure-functions # priority: -1900
 - openwhisk # priority: -1901
 - openfunction # priority: -1902
 - serverless-post-function # priority: -2000
 - ext-plugin-post-req # priority: -3000
 - ext-plugin-post-resp # priority: -4000
 stream_plugins: # stream plugin list (sorted by priority)
 - ip-restriction # priority: 3000
 - limit-conn # priority: 1003
 - mqtt-proxy # priority: 1000
 #- prometheus                    # priority: 500
 - syslog # priority: 401
 # <- recommend to use priority (0, 100) for your custom plugins
 plugin_attr: # Plugin attributes
  log-rotate: # Plugin: log-rotate
    timeout: 10000 # maximum wait time for a log rotation(unit: millisecond)
    interval: 3600 # Set the log rotate interval in seconds.
    max_kept: 168 # Set the maximum number of log files to keep. If exceeded, historic logs are deleted.
    max_size: -1 # Set the maximum size of log files in bytes before a rotation.
    # Skip size check if max_size is less than 0.
    enable_compression: false # Enable log file compression (gzip).
  skywalking: # Plugin: skywalking
    service_name: APISIX # Set the service name for SkyWalking reporter.
    service_instance_name: APISIX Instance Name # Set the service instance name for SkyWalking reporter.
    endpoint_addr: http://127.0.0.1:12800 # Set the SkyWalking HTTP endpoint.
    report_interval: 3 # Set the reporting interval in second.
  opentelemetry: # Plugin: opentelemetry
    trace_id_source: x-request-id # Specify the source of the trace ID for OpenTelemetry traces.
    resource:
      service.name: APISIX # Set the service name for OpenTelemetry traces.
    collector:
      address: 127.0.0.1:4318 # Set the address of the OpenTelemetry collector to send traces to.
      request_timeout: 3 # Set the timeout for requests to the OpenTelemetry collector in seconds.
      request_headers: # Set the headers to include in requests to the OpenTelemetry collector.
        Authorization: token # Set the authorization header to include an access token.
    batch_span_processor:
      drop_on_queue_full: false # Drop spans when the export queue is full.
      max_queue_size: 1024 # Set the maximum size of the span export queue.
      batch_timeout: 2 # Set the timeout for span batches to wait in the export queue before
      # being sent.
      inactive_timeout: 1 # Set the timeout for spans to wait in the export queue before being sent,
      # if the queue is not full.
      max_export_batch_size: 16 # Set the maximum number of spans to include in each batch sent to the
    set_ngx_var: false # export opentelemetry variables to nginx variables
    # OpenTelemetry collector.
  prometheus: # Plugin: prometheus
    export_uri: /apisix/prometheus/metrics # Set the URI for the Prometheus metrics endpoint.
    metric_prefix: apisix_ # Set the prefix for Prometheus metrics generated by APISIX.
    enable_export_server: true # Enable the Prometheus export server.
    export_addr: # Set the address for the Prometheus export server.
      ip: 127.0.0.1 # Set the IP.
      port: 9091 # Set the port.
      # metrics:    # Create extra labels from nginx variables: https://nginx.org/en/docs/varindex.html
      #  http_status:
      #    extra_labels:
      #      - upstream_addr: $upstream_addr
      #      - status: $upstream_status  # The label name does not need to be the same as the variable name.
      #  http_latency:
      #    extra_labels:
      #      - upstream_addr: $upstream_addr
      #  bandwidth:
      #    extra_labels:
      #      - upstream_addr: $upstream_addr
      # default_buckets:
      #   - 10
      #   - 50
      #   - 100
      #   - 200
      #   - 500
  server-info: # Plugin: server-info
    report_ttl: 60 # Set the TTL in seconds for server info in etcd.
    # Maximum: 86400. Minimum: 3.
  dubbo-proxy: # Plugin: dubbo-proxy
    upstream_multiplex_count: 32 # Set the maximum number of connections that can be multiplexed over
    # a single network connection between the Dubbo Proxy and the upstream
    # Dubbo services.
  proxy-mirror: # Plugin: proxy-mirror
    timeout: # Set the timeout for mirrored requests.
      connect: 60s
      read: 60s
      send: 60s
  # redirect:                         # Plugin: redirect
  #   https_port: 8443                # Set the default port used to redirect HTTP to HTTPS.
  inspect: # Plugin: inspect
    delay: 3 # Set the delay in seconds for the frequency of checking the hooks file.
    hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua" # Set the path to the Lua file that defines
    # hooks. Only administrators should have
    # write access to this file for security.
  zipkin: # Plugin: zipkin
    set_ngx_var: false # export zipkin variables to nginx variables
 deployment: # Deployment configurations
  role: traditional # Set deployment mode: traditional, control_plane, or data_plane.
  role_traditional:
    config_provider: etcd # Set the configuration center.
  #role_data_plane:            # Set data plane details if role is data_plane.
  #  config_provider: etcd     # Set the configuration center: etcd, xds, or yaml.
  #role_control_plane:         # Set control plane details if role is control_plane.
  #  config_provider: etcd     # Set the configuration center.
  admin: # Admin API
    admin_key_required: true # Enable Admin API authentication by default for security.
    admin_key:
    - name: admin # admin: write access to configurations.
      key: ${{APISIX_ADMIN_KEY}} # Set API key for the admin of Admin API.
      role: admin
    - name: viewer # viewer: read-only to configurations.
      key: ${{APISIX_VIEWER_KEY}} # Set API key for the viewer of Admin API.
      role: viewer
    enable_admin_cors: true # Enable Admin API CORS response header `Access-Control-Allow-Origin`.
    allow_admin: # Limit Admin API access by IP addresses.
    - 127.0.0.0/24 # If not set, any IP address is allowed.
    # - "::/64"
    admin_listen: # Set the Admin API listening addresses.
      ip: 0.0.0.0 # Set listening IP.
      port: 9180 # Set listening port. Beware of port conflict with node_listen.
    admin_api_version: v3 # Set the version of Admin API (latest: v3).
  etcd:
    host: # Set etcd address(es) in the same etcd cluster.
    - ${{APISIX_ETCD_URL}} # If TLS is enabled for etcd, use https://127.0.0.1:2379.
    prefix: /apisix # Set etcd prefix.
    timeout: 30 # The timeout when connect/read/write to etcd, Set timeout in seconds.
    watch_timeout: 50 # The timeout when watch etcd
    startup_retry: 2 # Set the number of retries to etcd on startup. Default to 2.
    tls:
      verify: false
--- a/base/apisix/resources/files/apisix-ic-config.yaml
+++ b/base/apisix/resources/files/apisix-ic-config.yaml
@ -1,12 +0,0 @@
 # log options                                                                                                                                                                                              
 log_level: "info"
 log_output: "stderr"
 http_listen: ":8080"
 enable_profiling: true
 apisix_resource_sync_interval: 1h
 kubernetes:
  kubeconfig: ""
  resync_interval: "6h"
 apisix:
  default_cluster_base_url: "{{ .APISIX_ADMIN_URL }}"
  default_cluster_admin_key: "{{ .APISIX_ADMIN_KEY }}"
--- a/base/apisix/resources/ingress-controller/kustomization.yaml
+++ b/base/apisix/resources/ingress-controller/kustomization.yaml
@ -1,8 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - https://github.com/apache/apisix-ingress-controller/samples/deploy?ref=v1.8.0
 patches:
 - path: patches/ingress-controller.yaml
--- a/base/apisix/resources/ingress-controller/patches/ingress-controller.yaml
+++ b/base/apisix/resources/ingress-controller/patches/ingress-controller.yaml
@ -1,24 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ingress-controller
 spec:
  replicas: 3
  template:
    spec:
      containers:
      - name: ingress-controller
        image: "apache/apisix-ingress-controller:1.8.0"
        envFrom:
        - configMapRef:
            name: apisix-env-config
        - secretRef:
            name: apisix-senstitive
      initContainers:
      - name: wait-apisix-admin
        command:
        - sh
        - -c
        - until nc -z apisix-admin 9180 ; do echo waiting for apisix-admin; sleep 2; done;
        image: busybox:1.28
        imagePullPolicy: IfNotPresent
--- a/base/apisix/resources/namespace.yaml
+++ b/base/apisix/resources/namespace.yaml
@ -1,4 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: ingress-apisix
--- a/base/cert-manager/kustomization.yaml
+++ b/base/cert-manager/kustomization.yaml
@ -1,6 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: cert-manager
 resources:
 - https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
--- a/base/cloudnative-pg-operator/configurations/cnpg-cluster.yaml
+++ b/base/cloudnative-pg-operator/configurations/cnpg-cluster.yaml
@ -1,12 +0,0 @@
 ---
 nameReference:
 - kind: Secret
  fieldSpecs:
  - path: spec/superuserSecret/name
    kind: Cluster
  - path: spec/bootstrap/initdb/secret/name
    kind: Cluster
  - path: spec/backup/barmanObjectStore/s3Credentials/accessKeyId/name
    kind: Cluster
  - path: spec/backup/barmanObjectStore/s3Credentials/secretAccessKey/name
    kind: Cluster
--- a/base/cloudnative-pg-operator/kustomization.yaml
+++ b/base/cloudnative-pg-operator/kustomization.yaml
@ -1,8 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.21.1/cnpg-1.21.1.yaml
 configurations:
  - ./configurations/cnpg-cluster.yaml
--- a/base/kustomization.yaml
+++ b/base/kustomization.yaml
@ -1,13 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 bases:
 - ./metallb
 - https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml
 - ./rabbitmq
 - ./postgresql
 - ./redis
 - ./minio
 - ./metrics
 - ./nginx
 - ./cloudnative-pg-operator
--- a/base/local-path-provisionner/kustomization.yaml
+++ b/base/local-path-provisionner/kustomization.yaml
@ -1,6 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - github.com/rancher/local-path-provisioner/deploy?ref=v0.0.23
--- a/base/longhorn/kustomization.yaml
+++ b/base/longhorn/kustomization.yaml
@ -1,6 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - https://raw.githubusercontent.com/longhorn/longhorn/v1.5.1/deploy/longhorn.yaml
 - ./resources/storage-class.yaml
--- a/base/longhorn/resources/storage-class.yaml
+++ b/base/longhorn/resources/storage-class.yaml
@ -1,11 +0,0 @@
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
  name: longhorn
 provisioner: driver.longhorn.io
 allowVolumeExpansion: true
 parameters:
  numberOfReplicas: "3"
  staleReplicaTimeout: "2880" # 48 hours in minutes
  fromBackup: ""
  fsType: "ext4"
--- a/base/mattermost-operator/kustomization.yaml
+++ b/base/mattermost-operator/kustomization.yaml
@ -1,6 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./resources/namespace.yaml
  - https://raw.githubusercontent.com/mattermost/mattermost-operator/master/docs/mattermost-operator/mattermost-operator.yaml
--- a/base/mattermost-operator/resources/namespace.yaml
+++ b/base/mattermost-operator/resources/namespace.yaml
@ -1,4 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: mattermost-operator
--- a/base/metallb/kustomization.yaml
+++ b/base/metallb/kustomization.yaml
@ -1,7 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: metallb-system
 resources:
  - ./secrets
  - github.com/metallb/metallb/config/native?ref=v0.13.7
--- a/base/metallb/secrets/kustomization.yaml
+++ b/base/metallb/secrets/kustomization.yaml
@ -1,8 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: metallb-system
 secretGenerator:
 - name: memberlist
  literals:
  - secretkey=FiXmEiAmNoTaReAlSeCr3tAnDineedtobereplacewithapropersecretforyourinfrastruture 
--- a/base/metrics/kustomization.yaml
+++ b/base/metrics/kustomization.yaml
@ -1,8 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.4/high-availability-1.21+.yaml
 patches:
 - path: ./patches/high-availability-1.21+.yaml
--- a/base/metrics/patches/high-availability-1.21+.yaml
+++ b/base/metrics/patches/high-availability-1.21+.yaml
@ -1,17 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: metrics-server
  namespace: kube-system
 spec:
  replicas: 3
  template:
    spec:
      containers:
      - name: metrics-server
        args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
--- a/base/minio/configurations/tenants.minio.min.io.yaml
+++ b/base/minio/configurations/tenants.minio.min.io.yaml
@ -1,14 +0,0 @@
 ---
 nameReference:
 - kind: Secret
  fieldSpecs:
  - path: spec/credsSecret/name
    kind: Tenant
 - kind: Secret
  fieldSpecs:
  - path: spec/configuration/name
    kind: Tenant
 - kind: Secret
  fieldSpecs:
  - path: spec/users/name
    kind: Tenant
--- a/base/minio/kustomization.yaml
+++ b/base/minio/kustomization.yaml
@ -1,13 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: minio-operator
 commonAnnotations:
  operator.min.io/authors: "MinIO, Inc."
  operator.min.io/license: "AGPLv3"
  operator.min.io/support: "https://subnet.min.io"
 resources:
 - github.com/minio/operator/resources?ref=v5.0.10
 configurations:
 - ./configurations/tenants.minio.min.io.yaml
--- a/base/nginx/kustomization.yaml
+++ b/base/nginx/kustomization.yaml
@ -1,2 +0,0 @@
 resources:
  - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml
--- a/base/postgresql/kustomization.yaml
+++ b/base/postgresql/kustomization.yaml
@ -1,10 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: postgresql-operator
 resources:
  - namespace.yaml
  - github.com/zalando/postgres-operator/manifests?ref=v1.9.0
  - github.com/zalando/postgres-operator/ui/manifests?ref=v1.9.0
--- a/base/postgresql/namespace.yaml
+++ b/base/postgresql/namespace.yaml
@ -1,4 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: postgresql-operator
--- a/base/rabbitmq/kustomization.yaml
+++ b/base/rabbitmq/kustomization.yaml
@ -1,7 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: rabbitmq-operator
 resources:
  #- namespace.yaml
 - https://github.com/rabbitmq/cluster-operator/releases/download/v2.5.0/cluster-operator.yml
--- a/base/rabbitmq/namespace.yaml
+++ b/base/rabbitmq/namespace.yaml
@ -1,4 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: rabbitmq-operator
--- a/base/redis/kustomization.yaml
+++ b/base/redis/kustomization.yaml
@ -1,8 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: redis-operator
 resources:
  - namespace.yaml
  - github.com/spotahome/redis-operator/manifests/kustomize/overlays/default?ref=v1.2.4
--- a/base/redis/namespace.yaml
+++ b/base/redis/namespace.yaml
@ -1,4 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: redis-operator
		`@ -1,2 +0,0 @@`
			`resources:`
			`- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml`