feat(apisix): add hostPort support (fixes #301)

b4u-mw · b4u-mw · commit 50cdd32a074c · 2026-04-23T09:49:36.000+02:00
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
@@ -127,6 +127,7 @@ The command removes all the Kubernetes components associated with the chart and
 | apisix.ssl.enabled | bool | `false` |  |
 | apisix.ssl.existingCASecret | string | `""` | Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) |
 | apisix.ssl.fallbackSNI | string | `""` | Define SNI to fallback if none is presented by client |
+| apisix.ssl.hostPort | number | `nil` | Bind the APISIX HTTPS container port to a host port. |
 | apisix.ssl.sslCiphers | string | `"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"` | TLS ciphers allowed to use. |
 | apisix.ssl.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols allowed to use. |
 | apisix.status.ip | string | `"0.0.0.0"` |  |
@@ -218,8 +219,9 @@ The command removes all the Kubernetes components associated with the chart and
 | securityContext | object | `{}` | Set the securityContext for Apache APISIX container |
 | service.externalIPs | list | `[]` |  |
 | service.externalTrafficPolicy | string | `"Cluster"` |  |
-| service.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"servicePort":80}` | Apache APISIX service settings for http |
+| service.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"hostPort":null,"servicePort":80}` | Apache APISIX service settings for http |
 | service.http.additionalContainerPorts | list | `[]` | Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24) |
+| service.http.hostPort | number | `nil` | Bind the APISIX HTTP container port to a host port. |
 | service.labelsOverride | object | `{}` | Override default labels assigned to Apache APISIX gateway resources |
 | service.stream | object | `{"enabled":false,"tcp":[],"udp":[]}` | Apache APISIX service settings for stream. L4 proxy (TCP/UDP) |
 | service.tls | object | `{"servicePort":443}` | Apache APISIX service settings for tls |
diff --git a/charts/apisix/templates/deployment.yaml b/charts/apisix/templates/deployment.yaml
@@ -104,6 +104,9 @@ spec:
             - name: http
               containerPort: {{ .Values.service.http.containerPort }}
               protocol: TCP
+              {{- with .Values.service.http.hostPort }}
+              hostPort: {{ . }}
+              {{- end }}
             {{- range .Values.service.http.additionalContainerPorts }}
             - name: http-{{ .port | toString }}
               containerPort: {{ .port }}
@@ -112,6 +115,9 @@ spec:
             - name: tls
               containerPort: {{ .Values.apisix.ssl.containerPort }}
               protocol: TCP
+              {{- if and .Values.apisix.ssl.enabled .Values.apisix.ssl.hostPort }}
+              hostPort: {{ .Values.apisix.ssl.hostPort }}
+              {{- end }}
             {{- range .Values.apisix.ssl.additionalContainerPorts }}
             - name: tls-{{ .port | toString }}
               containerPort: {{ .port }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
@@ -177,6 +177,8 @@ service:
     enabled: true
     servicePort: 80
     containerPort: 9080
+    # -- (number) Bind the APISIX HTTP container port to a host port.
+    hostPort:
     # -- Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
     additionalContainerPorts: []
       # - port: 9081
@@ -308,6 +310,8 @@ apisix:
   ssl:
     enabled: false
     containerPort: 9443
+    # -- (number) Bind the APISIX HTTPS container port to a host port.
+    hostPort:
     # -- Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
     additionalContainerPorts: []
       # - ip: 127.0.0.3           # Specific IP, If not set, the default value is `0.0.0.0`.
