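# Kubernetes manifests for a single-replica APISIX stack in the `default`
# namespace: the APISIX gateway, the APISIX dashboard and a one-node etcd.
#
# Repository layout (each file is reproduced below as its own YAML document
# group, restored to one key per line):
#   ├── apisix-dashboard.yaml
#   ├── apisix.yaml
#   └── etcd.yaml
#
# NOTE(review): the manifests read like an exported demo install. They ship
# sample credentials, an unauthenticated plaintext etcd and empty security
# contexts; the notes next to each resource say what to change before the
# stack is reachable by anything other than the operator.
# NOTE(review): images are referenced by mutable tag, not by digest, and the
# versions are fixed at 2.9.0 / 2.10.0 / 3.5.1 - check them against the
# vendors' current security advisories before reuse.

# ===== /apisix-dashboard.yaml =====
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: apisix-dashboard
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix-dashboard
    app.kubernetes.io/name: apisix-dashboard
    app.kubernetes.io/version: '2.9.0'
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: apisix-dashboard
      app.kubernetes.io/name: apisix-dashboard
  template:
    metadata:
      creationTimestamp: null
      labels:
        app.kubernetes.io/instance: apisix-dashboard
        app.kubernetes.io/name: apisix-dashboard
    spec:
      volumes:
        - name: apisix-dashboard-config
          configMap:
            name: apisix-dashboard
            # 420 decimal == 0644 octal
            defaultMode: 420
      containers:
        - name: apisix-dashboard
          image: apache/apisix-dashboard:2.9.0
          ports:
            - name: http
              containerPort: 9000
              protocol: TCP
          # NOTE(review): no requests/limits are set, so the pod is unbounded.
          resources: {}
          volumeMounts:
            # subPath mounts only conf.yaml over the image's own file.
            - name: apisix-dashboard-config
              mountPath: /usr/local/apisix-dashboard/conf/conf.yaml
              subPath: conf.yaml
          livenessProbe:
            httpGet:
              path: /ping
              port: http
              scheme: HTTP
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /ping
              port: http
              scheme: HTTP
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
          # NOTE(review): empty container securityContext - nothing here
          # restricts privilege escalation, capabilities or the root
          # filesystem. Tighten after confirming what the image needs.
          securityContext: {}
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      serviceAccountName: apisix-dashboard
      serviceAccount: apisix-dashboard
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
  name: apisix-dashboard
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix-dashboard
    app.kubernetes.io/name: apisix-dashboard
    app.kubernetes.io/version: '2.9.0'
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
  selector:
    app.kubernetes.io/instance: apisix-dashboard
    app.kubernetes.io/name: apisix-dashboard
  type: ClusterIP
---
# NOTE(review): this ConfigMap holds the dashboard login and its
# token-signing value in clear text, and anyone who may read ConfigMaps in
# the namespace can read them. `admin` / `admin` and the signing value are
# sample defaults: replace them with unique values delivered from a Secret
# before the dashboard Service is exposed.
# NOTE(review): `secert` looks like a misspelling of `secret`. Confirm which
# key this dashboard version actually reads; a key it does not recognise may
# be ignored silently, leaving the signing value at whatever the binary
# defaults to.
# NOTE(review): the dashboard listens on 0.0.0.0:9000 over plain HTTP and
# talks to etcd without credentials (see etcd.yaml).
kind: ConfigMap
apiVersion: v1
metadata:
  name: apisix-dashboard
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix-dashboard
    app.kubernetes.io/name: apisix-dashboard
    app.kubernetes.io/version: '2.9.0'
data:
  conf.yaml: |-
    conf:
      listen:
        host: 0.0.0.0
        port: 9000
      etcd:
        endpoints:
          - apisix-etcd:2379
      log:
        error_log:
          level: warn
          file_path: /dev/stderr
        access_log:
          file_path: /dev/stdout
    authentication:
      secert: secert
      expire_time: 3600
      users:
        - username: admin
          password: admin
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: apisix-dashboard
  namespace: default

# ===== /apisix.yaml =====
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: apisix
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: apisix
    app.kubernetes.io/version: '2.10.0'
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: apisix
      app.kubernetes.io/name: apisix
  template:
    metadata:
      creationTimestamp: null
      labels:
        app.kubernetes.io/instance: apisix
        app.kubernetes.io/name: apisix
    spec:
      volumes:
        - name: apisix-config
          configMap:
            name: apisix
            # 420 decimal == 0644 octal
            defaultMode: 420
      initContainers:
        # Blocks gateway start-up until the etcd client port accepts TCP.
        - name: wait-etcd
          image: busybox:1.28
          command:
            - sh
            - '-c'
            - >-
              until nc -z apisix-etcd.default.svc.cluster.local 2379; do echo
              waiting for etcd `date`; sleep 2; done;
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      containers:
        - name: apisix
          image: apache/apisix:2.10.0-alpine
          ports:
            - name: http
              containerPort: 9080
              protocol: TCP
            - name: tls
              containerPort: 9443
              protocol: TCP
            - name: admin
              containerPort: 9180
              protocol: TCP
          # NOTE(review): no requests/limits are set, so the pod is unbounded.
          resources: {}
          volumeMounts:
            # subPath mounts only config.yaml over the image's own file.
            - name: apisix-config
              mountPath: /usr/local/apisix/conf/config.yaml
              subPath: config.yaml
          readinessProbe:
            tcpSocket:
              port: 9080
            initialDelaySeconds: 10
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 6
          lifecycle:
            preStop:
              exec:
                # Delays shutdown by 30 s; note that this equals
                # terminationGracePeriodSeconds below.
                command:
                  - /bin/sh
                  - '-c'
                  - sleep 30
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      # NOTE(review): empty pod securityContext and no container-level one;
      # tighten after confirming what the image needs.
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
# The gateway's config.yaml, stored as a literal block so that the file the
# container sees matches what is written here line for line.
#
# NOTE(review): both `admin_key` entries are literal keys committed in this
# manifest, and the embedded comment calls them the default token. They match
# the sample keys of the upstream default configuration, so treat them as
# public: generate unique keys and deliver them from a Secret. `allow_admin`
# limits the Admin API to loopback, which is defence in depth and not a
# substitute for rotating the keys.
# NOTE(review): changed here - `ssl_protocols` no longer offers TLSv1 and
# TLSv1.1, and DES-CBC3-SHA (3DES) is dropped from `ssl_ciphers`. `ssl.enable`
# is false in this file, so the change only takes effect once TLS is enabled.
# NOTE(review): the etcd endpoint is plain `http://` without credentials; see
# the notes in etcd.yaml.
kind: ConfigMap
apiVersion: v1
metadata:
  name: apisix
  namespace: default
data:
  config.yaml: |-
    #
    # Licensed to the Apache Software Foundation (ASF) under one or more
    # contributor license agreements.  See the NOTICE file distributed with
    # this work for additional information regarding copyright ownership.
    # The ASF licenses this file to You under the Apache License, Version 2.0
    # (the "License"); you may not use this file except in compliance with
    # the License.  You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #
    apisix:
      node_listen: 9080             # APISIX listening port
      enable_heartbeat: true
      enable_admin: true
      enable_admin_cors: true
      enable_debug: false
      enable_dev_mode: false        # Sets nginx worker_processes to 1 if set to true
      enable_reuseport: true        # Enable nginx SO_REUSEPORT switch if set to true.
      enable_ipv6: true
      config_center: etcd           # etcd: use etcd to store the config value
                                    # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`


      #proxy_protocol:                 # Proxy Protocol configuration
      #  listen_http_port: 9181        # The port with proxy protocol for http, it differs from node_listen and port_admin.
                                       # This port can only receive http request with proxy protocol, but node_listen & port_admin
                                       # can only receive http request. If you enable proxy protocol, you must use this port to
                                       # receive http request with proxy protocol
      #  listen_https_port: 9182       # The port with proxy protocol for https
      #  enable_tcp_pp: true           # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
      #  enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server

      proxy_cache:                     # Proxy Caching configuration
        cache_ttl: 10s                 # The default caching time if the upstream does not specify the cache time
        zones:                         # The parameters of a cache
          - name: disk_cache_one       # The name of the cache, administrator can be specify
                                       # which cache to use by name in the admin api
            memory_size: 50m           # The size of shared memory, it's used to store the cache index
            disk_size: 1G              # The size of disk, it's used to store the cache data
            disk_path: "/tmp/disk_cache_one" # The path to store the cache data
            cache_levels: "1:2"        # The hierarchy levels of a cache
      #    - name: disk_cache_two
      #      memory_size: 50m
      #      disk_size: 1G
      #      disk_path: "/tmp/disk_cache_two"
      #      cache_levels: "1:2"

      allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
        - 127.0.0.1/24
      #   - "::/64"
      port_admin: 9180

      # Default token when use API to call for Admin API.
      # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
      # Disabling this configuration item means that the Admin API does not
      # require any authentication.
      admin_key:
        # admin: can everything for configuration data
        - name: "admin"
          key: edd1c9f034335f136f87ad84b625c8f1
          role: admin
        # viewer: only can view configuration data
        - name: "viewer"
          key: 4054f7cf07e344346cd3f287985e76a2
          role: viewer
      router:
        http: 'radixtree_uri'         # radixtree_uri: match route by uri(base on radixtree)
                                      # radixtree_host_uri: match route by host + uri(base on radixtree)
        ssl: 'radixtree_sni'          # radixtree_sni: match route by SNI(base on radixtree)
      # dns_resolver:
      #
      #   - 127.0.0.1
      #
      #   - 172.20.0.10
      #
      #   - 114.114.114.114
      #
      #   - 223.5.5.5
      #
      #   - 1.1.1.1
      #
      #   - 8.8.8.8
      #
      dns_resolver_valid: 30
      resolver_timeout: 5
      ssl:
        enable: false
        enable_http2: true
        listen_port: 9443
        ssl_protocols: "TLSv1.2 TLSv1.3"
        ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"

    nginx_config:                     # config for render the template to genarate nginx.conf
      error_log: "/dev/stderr"
      error_log_level: "warn"         # warn,error
      worker_rlimit_nofile: 20480     # the number of files a worker process can open, should be larger than worker_connections
      event:
        worker_connections: 10620
      http:
        access_log: "/dev/stdout"
        keepalive_timeout: 60s         # timeout during which a keep-alive client connection will stay open on the server side.
        client_header_timeout: 60s     # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
        client_body_timeout: 60s       # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
        send_timeout: 10s              # timeout for transmitting a response to the client.then the connection is closed
        underscores_in_headers: "on"   # default enables the use of underscores in client request header fields
        real_ip_header: "X-Real-IP"    # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
        real_ip_from:                  # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
          - 127.0.0.1
          - 'unix:'

    etcd:
      host:                                 # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
        - "http://apisix-etcd.default.svc.cluster.local:2379"
      prefix: "/apisix"     # apisix configurations prefix
      timeout: 30   # 30 seconds
    plugins:                          # plugin list
      - api-breaker
      - authz-keycloak
      - basic-auth
      - batch-requests
      - consumer-restriction
      - cors
      - echo
      - fault-injection
      - grpc-transcode
      - hmac-auth
      - http-logger
      - ip-restriction
      - ua-restriction
      - jwt-auth
      - kafka-logger
      - key-auth
      - limit-conn
      - limit-count
      - limit-req
      - node-status
      - openid-connect
      - authz-casbin
      - prometheus
      - proxy-cache
      - proxy-mirror
      - proxy-rewrite
      - redirect
      - referer-restriction
      - request-id
      - request-validation
      - response-rewrite
      - serverless-post-function
      - serverless-pre-function
      - sls-logger
      - syslog
      - tcp-logger
      - udp-logger
      - uri-blocker
      - wolf-rbac
      - zipkin
      - server-info
      - traffic-split
      - gzip
      - real-ip
    stream_plugins:
      - mqtt-proxy
      - ip-restriction
      - limit-conn
    plugin_attr:
      server-info:
        report_interval: 60
        report_ttl: 3600
---
# Cluster-internal Service for the Admin API port (9180).
kind: Service
apiVersion: v1
metadata:
  name: apisix-admin
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: apisix
    app.kubernetes.io/version: '2.10.0'
spec:
  ports:
    - name: apisix-admin
      protocol: TCP
      port: 9180
      targetPort: 9180
  selector:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: apisix
  type: ClusterIP
---
# NOTE(review): NodePort publishes the plain-HTTP listener (9080) on port
# 31684 of every node; the TLS listener (9443) is not published and
# `ssl.enable` is false in the gateway config.
kind: Service
apiVersion: v1
metadata:
  name: apisix-gateway
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: apisix
    app.kubernetes.io/version: '2.10.0'
spec:
  ports:
    - name: apisix-gateway
      protocol: TCP
      port: 80
      targetPort: 9080
      nodePort: 31684
  selector:
    app.kubernetes.io/instance: apisix
    app.kubernetes.io/name: apisix
  type: NodePort
  sessionAffinity: None
  externalTrafficPolicy: Cluster

# ===== /etcd.yaml =====
---
# NOTE(review): this etcd is the configuration store for both the gateway and
# the dashboard, and it is started with ALLOW_NONE_AUTHENTICATION=yes while
# listening on 0.0.0.0 over plain http for clients (2379) and peers (2380).
# As written, any workload that can reach the `apisix-etcd` Services can read
# and change the gateway configuration. Before reuse: enable etcd
# authentication and TLS, and restrict ingress to 2379/2380 with a
# NetworkPolicy that admits only the gateway, the dashboard and etcd peers.
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: apisix-etcd
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix-etcd
    app.kubernetes.io/name: apisix-etcd
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: apisix-etcd
      app.kubernetes.io/name: apisix-etcd
  template:
    metadata:
      creationTimestamp: null
      labels:
        app.kubernetes.io/instance: apisix-etcd
        app.kubernetes.io/name: apisix-etcd
    spec:
      containers:
        - name: apisix-etcd
          image: docker.io/bitnami/etcd:3.5.1-debian-10-r31
          ports:
            - name: client
              containerPort: 2379
              protocol: TCP
            - name: peer
              containerPort: 2380
              protocol: TCP
          env:
            # Boolean-looking values stay quoted so they reach the container
            # as strings.
            - name: BITNAMI_DEBUG
              value: 'false'
            - name: MY_POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: ETCDCTL_API
              value: '3'
            - name: ETCD_ON_K8S
              value: 'yes'
            - name: ETCD_START_FROM_SNAPSHOT
              value: 'no'
            - name: ETCD_DISASTER_RECOVERY
              value: 'no'
            - name: ETCD_NAME
              value: $(MY_POD_NAME)
            - name: ETCD_DATA_DIR
              value: /bitnami/etcd/data
            - name: ETCD_LOG_LEVEL
              value: info
            # NOTE(review): disables client authentication - see file header.
            - name: ALLOW_NONE_AUTHENTICATION
              value: 'yes'
            - name: ETCD_ADVERTISE_CLIENT_URLS
              value: >-
                http://$(MY_POD_NAME).apisix-etcd-headless.default.svc.cluster.local:2379,http://apisix-etcd.default.svc.cluster.local:2379
            # NOTE(review): plaintext client listener on all interfaces.
            - name: ETCD_LISTEN_CLIENT_URLS
              value: http://0.0.0.0:2379
            - name: ETCD_INITIAL_ADVERTISE_PEER_URLS
              value: >-
                http://$(MY_POD_NAME).apisix-etcd-headless.default.svc.cluster.local:2380
            # NOTE(review): plaintext peer listener on all interfaces.
            - name: ETCD_LISTEN_PEER_URLS
              value: http://0.0.0.0:2380
          resources: {}
          volumeMounts:
            - name: data
              mountPath: /bitnami/etcd
          livenessProbe:
            exec:
              command:
                - /opt/bitnami/scripts/etcd/healthcheck.sh
            initialDelaySeconds: 60
            timeoutSeconds: 5
            periodSeconds: 30
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            exec:
              command:
                - /opt/bitnami/scripts/etcd/healthcheck.sh
            initialDelaySeconds: 60
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 5
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
          # The only container in these manifests that is forced to run as a
          # non-root user.
          securityContext:
            runAsUser: 1001
            runAsNonRoot: true
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      serviceAccountName: default
      serviceAccount: default
      securityContext:
        fsGroup: 1001
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/instance: apisix-etcd
                    app.kubernetes.io/name: apisix-etcd
                namespaces:
                  - default
                topologyKey: kubernetes.io/hostname
      schedulerName: default-scheduler
  volumeClaimTemplates:
    - kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: data
        creationTimestamp: null
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
        volumeMode: Filesystem
  serviceName: apisix-etcd-headless
  podManagementPolicy: Parallel
  updateStrategy:
    type: RollingUpdate
  revisionHistoryLimit: 10
---
# Headless Service that gives each etcd pod the stable DNS name used in the
# advertise URLs above; it also publishes addresses of pods that are not
# ready yet.
kind: Service
apiVersion: v1
metadata:
  name: apisix-etcd-headless
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix-etcd
    app.kubernetes.io/name: apisix-etcd
  annotations:
    meta.helm.sh/release-name: apisix-etcd
    meta.helm.sh/release-namespace: default
    service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
spec:
  ports:
    - name: client
      protocol: TCP
      port: 2379
      targetPort: client
    - name: peer
      protocol: TCP
      port: 2380
      targetPort: peer
  selector:
    app.kubernetes.io/instance: apisix-etcd
    app.kubernetes.io/name: apisix-etcd
  clusterIP: None
  clusterIPs:
    - None
  type: ClusterIP
  sessionAffinity: None
  publishNotReadyAddresses: true
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
---
# Cluster-internal Service that the gateway and the dashboard use to reach
# etcd. NOTE(review): it exposes the peer port (2380) as well as the client
# port; the consumers configured in this repository only use 2379.
kind: Service
apiVersion: v1
metadata:
  name: apisix-etcd
  namespace: default
  labels:
    app.kubernetes.io/instance: apisix-etcd
    app.kubernetes.io/name: apisix-etcd
  annotations:
    meta.helm.sh/release-name: apisix-etcd
    meta.helm.sh/release-namespace: default
spec:
  ports:
    - name: client
      protocol: TCP
      port: 2379
      targetPort: client
    - name: peer
      protocol: TCP
      port: 2380
      targetPort: peer
  selector:
    app.kubernetes.io/instance: apisix-etcd
    app.kubernetes.io/name: apisix-etcd
  type: ClusterIP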