diff --git a/charts/apisix-ingress-controller/README.md b/charts/apisix-ingress-controller/README.md index 886ada18..bf3dd3eb 100644 --- a/charts/apisix-ingress-controller/README.md +++ b/charts/apisix-ingress-controller/README.md @@ -141,11 +141,19 @@ The same for container level, you need to set: | deployment.tolerations | list | `[]` | | | deployment.topologySpreadConstraints | list | `[]` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods | | fullnameOverride | string | `""` | | -| gatewayProxy.createDefault | bool | `false` | | -| gatewayProxy.provider.controlPlane.auth.adminKey.value | string | `"edd1c9f034335f136f87ad84b625c8f1"` | | -| gatewayProxy.provider.controlPlane.auth.type | string | `"AdminKey"` | | -| gatewayProxy.provider.controlPlane.endpoints | list | `[]` | | -| gatewayProxy.provider.type | string | `"ControlPlane"` | | +| gatewayProxy.createDefault | bool | `false` | Controls whether to create a default GatewayProxy custom resource. | +| gatewayProxy.provider | object | `{"controlPlane":{"auth":{"adminKey":{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}},"type":"AdminKey"},"endpoints":[],"service":{"name":"","port":9180}},"pluginMetadata":{},"plugins":[],"type":"ControlPlane"}` | Configuration for the GatewayProxy provider connection | +| gatewayProxy.provider.controlPlane | object | `{"auth":{"adminKey":{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}},"type":"AdminKey"},"endpoints":[],"service":{"name":"","port":9180}}` | ControlPlane provider specific configuration Either `endpoints` or `service` must be specified, but not both. | +| gatewayProxy.provider.controlPlane.auth | object | `{"adminKey":{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}},"type":"AdminKey"}` | Authentication configuration for control plane connection | +| gatewayProxy.provider.controlPlane.auth.adminKey | object | `{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}}` | AdminKey authentication configuration. Either `value` or `valueFrom` must be specified, but not both. | +| gatewayProxy.provider.controlPlane.auth.adminKey.value | string | `"edd1c9f034335f136f87ad84b625c8f1"` | The admin key value for authentication. | +| gatewayProxy.provider.controlPlane.auth.adminKey.valueFrom | object | `{}` | Reference to admin key stored in a Kubernetes Secret | +| gatewayProxy.provider.controlPlane.auth.type | string | `AdminKey` | Authentication type. Only `AdminKey` is currently supported. | +| gatewayProxy.provider.controlPlane.endpoints | list | `[]` | List of APISIX control plane Admin API endpoints. example: ["http://apisix-admin.default.svc.cluster.local:9180"] | +| gatewayProxy.provider.controlPlane.service | object | `{"name":"","port":9180}` | Alternatively, reference a Kubernetes Service for the APISIX Admin API. | +| gatewayProxy.provider.pluginMetadata | object | `{}` | Global plugin metadata shared by all instances of the same plugin. | +| gatewayProxy.provider.plugins | list | `[]` | List of global plugins to be enabled on the GatewayProxy. | +| gatewayProxy.provider.type | string | `"ControlPlane"` | Specifies the provider type for the GatewayProxy. | | labelsOverride | object | `{}` | Override default labels assigned to Apache APISIX ingress controller resource | | nameOverride | string | `""` | Default values for apisix-ingress-controller. This is a YAML-formatted file. Declare variables to be passed into your templates. | | podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":"90%"}` | See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more details | diff --git a/charts/apisix-ingress-controller/templates/gatewayproxy.yaml b/charts/apisix-ingress-controller/templates/gatewayproxy.yaml index 8c767cbc..69bc6ead 100644 --- a/charts/apisix-ingress-controller/templates/gatewayproxy.yaml +++ b/charts/apisix-ingress-controller/templates/gatewayproxy.yaml @@ -24,11 +24,53 @@ spec: provider: type: {{ .Values.gatewayProxy.provider.type }} controlPlane: + {{- if .Values.gatewayProxy.provider.controlPlane.endpoints }} + endpoints: + {{- toYaml .Values.gatewayProxy.provider.controlPlane.endpoints | nindent 8 }} + {{- else if .Values.gatewayProxy.provider.controlPlane.service.name }} + service: + name: {{ .Values.gatewayProxy.provider.controlPlane.service.name }} + port: {{ .Values.gatewayProxy.provider.controlPlane.service.port }} + {{- else }} service: name: {{ .Values.apisix.adminService.name }} port: {{ .Values.apisix.adminService.port }} + {{- end }} + + {{- with .Values.gatewayProxy.provider.controlPlane.tlsVerify }} + tlsVerify: {{ . }} + {{- end }} + {{- with .Values.gatewayProxy.provider.controlPlane.auth }} auth: - {{- toYaml . | nindent 8 }} + type: {{ .type }} + {{- with .adminKey }} + adminKey: + {{- if .valueFrom }} + valueFrom: + {{- toYaml .valueFrom | nindent 12 }} + {{- else if .value }} + value: {{ .value | quote }} + {{- end }} + {{- end }} {{- end }} + + {{- with .Values.gatewayProxy.publishService }} + publishService: {{ . | quote }} + {{- end }} + + {{- with .Values.gatewayProxy.statusAddress }} + statusAddress: + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.gatewayProxy.plugins }} + plugins: + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.gatewayProxy.pluginMetadata }} + pluginMetadata: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml index ec68e3a0..67034739 100644 --- a/charts/apisix-ingress-controller/values.yaml +++ b/charts/apisix-ingress-controller/values.yaml @@ -94,17 +94,67 @@ config: ingressClass: apisix defaultIngressClass: false +# The GatewayProxy resource configures gateway proxy instances including networking, +# provider connection, global plugins, and plugin metadata. gatewayProxy: + # -- Controls whether to create a default GatewayProxy custom resource. createDefault: false + + # -- Configuration for the GatewayProxy provider connection provider: + # -- Specifies the provider type for the GatewayProxy. type: ControlPlane + + # -- ControlPlane provider specific configuration + # Either `endpoints` or `service` must be specified, but not both. controlPlane: + # -- List of APISIX control plane Admin API endpoints. + # example: ["http://apisix-admin.default.svc.cluster.local:9180"] endpoints: [] + + # -- Alternatively, reference a Kubernetes Service for the APISIX Admin API. + service: + name: "" + port: 9180 + + # -- Authentication configuration for control plane connection auth: + # -- Authentication type. Only `AdminKey` is currently supported. + # @default -- `AdminKey` type: AdminKey + + # -- AdminKey authentication configuration. + # Either `value` or `valueFrom` must be specified, but not both. adminKey: + # -- The admin key value for authentication. value: "edd1c9f034335f136f87ad84b625c8f1" + # -- Reference to admin key stored in a Kubernetes Secret + valueFrom: {} + # secretKeyRef: + # name: apisix-admin-secret + # key: admin-key + + # -- List of global plugins to be enabled on the GatewayProxy. + plugins: [] + # - name: cors + # enabled: true + # config: + # allow_origins: "*" + # allow_methods: "GET,POST,PUT,DELETE" + # - name: ip-restriction + # enabled: false + # config: + # whitelist: + # - 10.0.0.0/8 + # - 192.168.0.0/16 + + # -- Global plugin metadata shared by all instances of the same plugin. + pluginMetadata: {} + # prometheus: + # disable: false + # export_uri: /apisix/prometheus/metrics + apisix: adminService: namespace: apisix-ingress