In order to control the behavior of the proxy (Apache APISIX), the following CRDs should be defined.
ApisixRoute
corresponds to the Route
object in Apache APISIX. The Route
matches the client's request by defining rules, then loads and executes the corresponding plugin based on the matching result, and forwards the request to the specified Upstream. To learn more, please check the Apache APISIX architecture-design docs.
Structure example:
apiVersion: apisix.apache.org/v1 kind: ApisixRoute metadata: name: httpserverRoute namespace: cloud spec: rules: - host: test.apisix.apache.org http: paths: - backend: serviceName: httpserver servicePort: 8080 path: /hello* plugins: - name: limit-count enable: true config: count: 2 time_window: 60 rejected_code: 503 key: remote_addr
Field | Type | Description |
---|---|---|
rules | array | ApisixRoute's request matching rules. |
host | string | The requested host. |
http | object | Route rules are applied to the scope of layer 7 traffic. |
paths | array | Path-based route rule matching. |
backend | object | Backend service information configuration. |
serviceName | string | The name of backend service. namespace + serviceName + servicePort form an unique identifier to match the back-end service. |
servicePort | int | The port of backend service. namespace + serviceName + servicePort form an unique identifier to match the back-end service. |
path | string | The URI matched by the route. Supports exact match and prefix match. Example,exact match: /hello , prefix match: /hello* . |
plugins | array | Custom plugin collection (Plugins defined in the route level). For more plugin information, please refer to the Apache APISIX plugin docs. |
name | string | The name of the plugin. For more information about the example plugin, please check the limit-count docs. |
enable | boolean | Whether to enable the plugin, true : means enable, false : means disable. |
config | object | Configuration of plugin information. Note: The check of configuration schema is missing now, so please be careful when editing. |
Support partial annotation
Structure example:
apiVersion: apisix.apache.org/v1 kind: ApisixRoute metadata: annotations: k8s.apisix.apache.org/ingress.class: apisix_group k8s.apisix.apache.org/ssl-redirect: 'false' k8s.apisix.apache.org/whitelist-source-range: - 1.2.3.4/16 - 4.3.2.1/8 name: httpserverRoute namespace: cloud spec:
Field | Type | Description |
---|---|---|
k8s.apisix.apache.org/ssl-redirect | boolean | Whether to force http redirect to https. ture : means to force conversion to https, false : means not to convert. |
k8s.apisix.apache.org/ingress.class | string | Grouping of ingress. |
k8s.apisix.apache.org/whitelist-source-range | array | Whitelist of IPs allowed to be accessed. |
ApisixService
corresponds to the Service
object in Apache APISIX. A Service
is an abstraction of an API (which can also be understood as a set of Route abstractions). It usually corresponds to the upstream service abstraction. Between Route
and Service
, usually the relationship of N:1. To learn more, please check the Apache APISIX architecture-design docs.
Structure example:
apiVersion: apisix.apache.org/v1 kind: ApisixService metadata: name: httpserver namespace: cloud spec: upstream: httpserver port: 8080 plugins: - name: limit-count enable: true config: count: 2 time_window: 60 rejected_code: 503 key: remote_addr
Field | Type | Description |
---|---|---|
upstream | string | The name of the upstream service. |
port | int | The port number of the upstream service. |
plugins | array | Custom plugin collection (Plugins defined in the service level). For more plugin information, please refer to the Apache APISIX plugins docs. |
name | string | The name of the plugin. For more information about the example plugin, please check the limit-count docs. |
enable | boolean | Whether to enable the plugin, true : means enable, false : means disable. |
config | object | Configuration of plugin information. Note: The check of configuration schema is missing now, so please be careful when editing. |
ApisixUpstream
corresponds to the Upstream
object in Apache APISIX. Upstream is a virtual host abstraction that performs load balancing on a given set of service nodes according to configuration rules. Upstream address information can be directly configured to Route
(or Service
). When Upstream has duplicates, you need to use “reference” to avoid duplication. To learn more, please check the Apache APISIX architecture-design docs.
Structure example:
apiVersion: apisix.apache.org/v1 kind: ApisixUpstream metadata: name: httpserver namespace: cloud spec: ports: - port: 8080 loadbalancer: roundrobin
Field | Type | Description |
---|---|---|
ports | array | Custom upstream collection. |
port | int | Upstream service port number. |
loadbalancer | string/object | The load balance algorithm of this upstream service, optional value can be roundrobin or chash . |
ApisixTls
corresponds to the SSL load matching route in Apache APISIX. To learn more, please check the Apache APISIX architecture-design docs.
Structure example:
apiVersion: apisix.apache.org/v1 kind: ApisixSSL metadata: name: duiopen spec: hosts: - asr.duiopen.com - tts.duiopen.com secret: name: all.duiopen.com namespace: cloud
Field | Type | Description |
---|---|---|
hosts | array | The domain list to identify which hosts (matched with SNI) can use the TLS certificate stored in the Secret. |
secret | object | The definition of the related Secret object with current ApisixTls object. |
name | string | The name of secret, the secret contains key and cert for TLS . |
namespace | string | The namespace of secret , the secret contains key and cert for TLS . |