charts/apisix - apisix-helm-chart

tree: edb10d10b9b7527192de96c076ac9d840f5179cb [path history] [tgz]

charts/apisix/README.md

Apache APISIX for Kubernetes

Apache APISIX is a dynamic, real-time, high-performance API gateway.

APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more.

You can use Apache APISIX to handle traditional north-south traffic, as well as east-west traffic between services. It can also be used as a k8s ingress controller.

This chart bootstraps all the components needed to run Apache APISIX on a Kubernetes Cluster using Helm.

Prerequisites

Kubernetes v1.14+
Helm v3+

Install

To install the chart with the release name my-apisix:

helm repo add apisix https://charts.apiseven.com
helm repo update

helm install [RELEASE_NAME] apisix/apisix --namespace ingress-apisix --create-namespace

Uninstall

To uninstall/delete a Helm release my-apisix:

helm delete [RELEASE_NAME] --namespace ingress-apisix

The command removes all the Kubernetes components associated with the chart and deletes the release.

Parameters

The following tables lists the configurable parameters of the apisix chart and their default values per section/component:

Global parameters

Parameter	Description	Default
`global.imagePullSecrets`	Global Docker registry secret names as an array	`[]` (does not add image pull secrets to deployed pods)

apisix parameters

Parameter	Description	Default
`apisix.enabled`	Enable or disable Apache APISIX itself	`true`
`apisix.enableIPv6`	Enable nginx IPv6 resolver	`true`
`apisix.enableCustomizedConfig`	Enable full customized `config.yaml`	`false`
`apisix.customizedConfig`	If `apisix.enableCustomizedConfig` is true, full customized `config.yaml`. Please note that other settings about APISIX config will be ignored	`{}`
`apisix.image.repository`	Apache APISIX image repository	`apache/apisix`
`apisix.image.tag`	Apache APISIX image tag	`{TAG_NAME}` (the latest Apache APISIX image tag)
`apisix.image.pullPolicy`	Apache APISIX image pull policy	`IfNotPresent`
`apisix.kind`	Apache APISIX kind use a `DaemonSet` or `Deployment`	`Deployment`
`apisix.replicaCount`	Apache APISIX deploy replica count,kind is DaemonSet,replicaCount not become effective	`1`
`apisix.podAnnotations`	Annotations to add to each pod	`{}`
`apisix.podSecurityContext`	Set the securityContext for Apache APISIX pods	`{}`
`apisix.securityContext`	Set the securityContext for Apache APISIX container	`{}`
`apisix.podDisruptionBudget.enabled`	Enable or disable podDisruptionBudget	`false`
`apisix.podDisruptionBudget.minAvailable`	Set the `minAvailable` of podDisruptionBudget. You can specify only one of `maxUnavailable` and `minAvailable` in a single PodDisruptionBudget. See Specifying a Disruption Budget for your Application for more details	`Not set`
`apisix.podDisruptionBudget.maxUnavailable`	Set the maxUnavailable of podDisruptionBudget	`1`
`apisix.resources`	Set pod resource requests & limits	`{}`
`apisix.nodeSelector`	Node labels for Apache APISIX pod assignment	`{}`
`apisix.tolerations`	List of node taints to tolerate	`{}`
`apisix.affinity`	Set affinity for Apache APISIX deploy	`{}`
`apisix.podAntiAffinity.enabled`	Enable or disable podAntiAffinity	`false`
`apisix.setIDFromPodUID`	Whether to use the Pod UID as the APISIX instance id, see apache/apisix#5417 to decide whether you should enable this setting)	`false`
`apisix.customLuaSharedDicts`	Add custom lua_shared_dict settings, click here to learn the format of a shared dict	`[]`
`apisix.pluginAttrs`	Set APISIX plugin attributes, see config-default.yaml for more details	`{}`
`apisix.luaModuleHook.enabled`	Whether to add a custom lua module	`false`
`apisix.luaModuleHook.luaPath`	Configure `LUA_PATH` so that your own lua module codes can be located	`""`
`apisix.luaModuleHook.hookPoint`	The entrypoint of your lua module, use Lua require syntax, like `"module.say_hello"`	`""`
`apisix.luaModuleHook.configMapRef.name`	Name of the ConfigMap where the lua module codes store	""
`apisix.luaModuleHook.configMapRef.mounts[].key`	Name of the ConfigMap key, for setting the mapping relationship between ConfigMap key and the lua module code path.	`""`
`apisix.luaModuleHook.configMapRef.mounts[].path`	Filepath of the plugin code, for setting the mapping relationship between ConfigMap key and the lua module code path.	`""`
`extraVolumes`	Additional `volume`, See Kubernetes Volumes for the detail.	`[]`
`extraVolumeMounts`	Additional `volumeMounts`, See Kubernetes Volumes for the detail.	`[]`

gateway parameters

Apache APISIX service parameters, this determines how users can access itself.

Parameter	Description	Default
`gateway.type`	Apache APISIX service type for user access itself	`NodePort`
`gateway.externalTrafficPolicy`	Setting how the Service route external traffic	`Cluster`
`gateway.http`	Apache APISIX service settings for http
`gateway.tls`	Apache APISIX service settings for tls
`gateway.tls.existingCASecret`	Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd)	`""`
`gateway.tls.certCAFilename`	filename be used in the `gateway.tls.existingCASecret`	`""`
`gateway.stream`	Apache APISIX service settings for stream
`gateway.ingress`	Using ingress access Apache APISIX service

admin parameters

Parameter	Description	Default
`admin.enabled`	Enable or disable Apache APISIX admin API	`true`
`admin.port`	which port to use for Apache APISIX admin API	`9180`
`admin.servicePort`	Service port to use for Apache APISIX admin API	`9180`
`admin.type`	Apache APISIX admin API service type	`ClusterIP`
`admin.externalIPs`	IPs for which nodes in the cluster will also accept traffic for the servic	`[]`
`admin.cors`	Apache APISIX admin API support CORS response headers	`true`
`admin.credentials.admin`	Apache APISIX admin API admin role credentials	`edd1c9f034335f136f87ad84b625c8f1`
`admin.credentials.viewer`	Apache APISIX admin API viewer role credentials	`4054f7cf07e344346cd3f287985e76a2`
`admin.allow.ipList`	the IP range allowed to Apache APISIX admin API	`true`

custom configuration snippet parameters

Parameter	Description	Default
`configurationSnippet.main`	Add custom Nginx configuration (main block) to nginx.conf	`{}`
`configurationSnippet.httpStart`	Add custom Nginx configuration (http block) to nginx.conf	`{}`
`configurationSnippet.httpEnd`	Add custom Nginx configuration (http block) to nginx.conf, will be put at the bottom of http block	`{}`
`configurationSnippet.httpSrv`	Add custom Nginx configuration (server block) to nginx.conf	`{}`
`configurationSnippet.httpAdmin`	Add custom Nginx configuration (Admin API server block) to nginx.conf	`{}`
`configurationSnippet.stream`	Add custom Nginx configuration (stream block) to nginx.conf	`{}`

etcd parameters

Parameter	Description	Default
`etcd.enabled`	use built-in etcd	`true`
`etcd.host`	if `etcd.enabled` is false, use external etcd, support multiple address, if your etcd cluster enables TLS, please use https scheme, e.g. https://127.0.0.1:2379.	`["http://etcd.host:2379"]`
`etcd.prefix`	apisix configurations prefix	`/apisix`
`etcd.timeout`	Set the timeout value in seconds for subsequent socket operations from apisix to etcd cluster	`30`
`etcd.auth.rbac.create`	Switch to enable RBAC authentication	`false`
`etcd.auth.rbac.user`	root username for etcd	`""`
`etcd.auth.rbac.password`	root password for etcd	`""`
`etcd.auth.tls.enabled`	enable etcd client certificate	`false`
`etcd.auth.tls.existingSecret`	name of the secret contains etcd client cert	`""`
`etcd.auth.tls.certFilename`	etcd client cert filename using in `etcd.auth.tls.existingSecret`	`""`
`etcd.auth.tls.certKeyFilename`	etcd client cert key filename using in `etcd.auth.tls.existingSecret`	`""`
`etcd.auth.tls.verify`	whether to verify the etcd endpoint certificate when setup a TLS connection to etcd	`true`
`etcd.auth.tls.sni`	specify the TLS Server Name Indication extension, the ETCD endpoint hostname will be used when this setting is unset.	`""`

If etcd.enabled is true, set more values of bitnami/etcd helm chart use etcd as prefix.

plugins and stream_plugins parameters

Default enabled plugins. See configmap template for details.

external plugin parameters

Parameter	Description	Default
`extPlugin.enabled`	Enable External Plugins. See external plugin	`false`
`extPlugin.cmd`	the command and its arguements to run as a subprocess	`{}`

custom plugin parameters

Parameter	Description	Default
`apisix.customPlugins.enabled`	Whether to configure some custom plugins	`false`
`apisix.customPlugins.luaPath`	Configure `LUA_PATH` so that custom plugin codes can be located	`""`
`apisix.customPlugins.plugins[].name`	Custom plugin name	`""`
`apisix.customPlugins.plugins[].attrs`	Custom plugin attributes	`{}`
`apisix.customPlugins.plugins[].configMap.name`	Name of the ConfigMap where the plugin codes store	`""`
`apisix.customPlugins.plugins[].configMap.mounts[].key`	Name of the ConfigMap key, for setting the mapping relationship between ConfigMap key and the plugin code path.	`""`
`apisix.customPlugins.plugins[].configMap.mounts[].path`	Filepath of the plugin code, for setting the mapping relationship between ConfigMap key and the plugin code path.	`""`

discovery parameters

Parameter	Description	Default
`discovery.enabled`	Enable or disable Apache APISIX integration service discovery	`false`
`discovery.registry`	Registry is the same to the one in APISIX config-default.yaml, and refer to such file for more setting details. also refer to this documentation for integration service discovery	nil

If you have enabled this feature, here is an example:

discovery:
  enabled: true
  registry:
    eureka:
      host:
        - "http://${username}:${password}@${eureka_host1}:${eureka_port1}"
        - "http://${username}:${password}@${eureka_host2}:${eureka_port2}"
      prefix: "/eureka/"
      fetch_interval: 30
      weight: 100
      timeout:
        connect: 2000
        send: 2000
        read: 5000

logs parameters

Parameter	Description	Default
`logs.enableAccessLog`	Enable access log or not, default true	`true`
`logs.accessLog`	Access log path	`/dev/stdout`
`logs.accessLogFormat`	Access log format	`$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\"`
`logs.accessLogFormatEscape`	Allows setting json or default characters escaping in variables	`default`
`logs.errorLog`	Error log path	`/dev/stderr`
`logs.errorLogLevel`	Error log level	`warn`

dashboard parameters

Configurations for apisix-dashboard sub chart.

ingress-controller parameters

Configurations for Apache APISIX ingress-controller sub chart.

serviceMonitor parameters

Parameter	Description	Default
`serviceMonitor.enabled`	Enable or disable Apache APISIX serviceMonitor	`false`
`serviceMonitor.namespace`	Namespace where the serviceMonitor is deployed	`""`
`serviceMonitor.interval`	Interval at which metrics should be scraped	`15s`
`serviceMonitor.path`	Path of the Prometheus metrics endpoint	`/apisix/prometheus/metrics`
`serviceMonitor.containerPort`	Container port which Prometheus metrics are exposed	`9091`
`serviceMonitor.labels`	ServiceMonitor extra labels	`{}`
`serviceMonitor.annotations`	ServiceMonitor annotations	`{}`