mirror of
https://github.com/bitnami/charts.git
synced 2026-03-27 15:27:10 +08:00
[bitnami/apisix] major: Integrate apisix-dashboard into apisix (#36136)
* [bitnami/apisix] major: Integrate apisix-dashboard into apisix Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Fix tests Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Fix port privilege issue Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> --------- Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com>
This commit is contained in:
Miguel Ruiz
@@ -1,11 +1,11 @@
|
||||
module.exports = {
|
||||
env: {
|
||||
username: 'vib-user',
|
||||
password: 'ComplicatedPassword123!4',
|
||||
token: 'deadbeefdeadbeefdeadbeef',
|
||||
},
|
||||
defaultCommandTimeout: 30000,
|
||||
e2e: {
|
||||
setupNodeEvents(on, config) {},
|
||||
baseUrl: 'http://localhost',
|
||||
baseUrl: 'https://localhost',
|
||||
},
|
||||
retries: 5
|
||||
}
|
||||
|
||||
@@ -10,17 +10,34 @@ import {
|
||||
|
||||
it('allows to create a service in the dashboard', () => {
|
||||
cy.login();
|
||||
cy.visit('/service/list');
|
||||
// Go to the services page
|
||||
cy.get('button').contains('Create').click();
|
||||
cy.get('span').contains('Services').click();
|
||||
// Create a service
|
||||
cy.fixture('service').then((svc) => {
|
||||
cy.get('#name').type(`${svc.service.name}${random}`);
|
||||
cy.get('[placeholder*="Hostname"]').type(`${random}-${svc.service.host}`)
|
||||
cy.get('button').contains('Next').click();
|
||||
cy.contains('After customizing the plugin');
|
||||
cy.get('button').contains('Next').click();
|
||||
cy.get('button').contains('Submit').click();
|
||||
cy.get('button').contains('Add Service').click();
|
||||
cy.get('[name="name"]').type(`${svc.service.name}${random}`);
|
||||
cy.get('button').contains('Add a Node').click();
|
||||
cy.get('input[placeholder*="Please enter"]').should('have.length', 4).then((elements) => {
|
||||
cy.wrap(elements.eq(0)).type(`${svc.service.host}`)
|
||||
cy.wrap(elements.eq(1)).clear().type(80);
|
||||
})
|
||||
// Submission randomly fails with network error
|
||||
let retries = 5;
|
||||
do {
|
||||
try {
|
||||
cy.get('button[type="submit"]').click();
|
||||
retries = 0;
|
||||
} catch (e) {
|
||||
if (retries === 0) {
|
||||
throw new Error('Service submit failed.');
|
||||
} else {
|
||||
cy.wait(2000);
|
||||
}
|
||||
}
|
||||
} while (--retries >= 0);
|
||||
|
||||
cy.contains('Service Detail');
|
||||
cy.get('span').contains('Services').click();
|
||||
cy.get('tr').contains(`${svc.service.name}${random}`);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -19,12 +19,11 @@ for (const command of ['click']) {
|
||||
|
||||
Cypress.Commands.add(
|
||||
'login',
|
||||
(username = Cypress.env('username'), password = Cypress.env('password')) => {
|
||||
cy.visit('/');
|
||||
cy.get('[id$="username"]').should('be.enabled').type(username);
|
||||
cy.get('[type="password"]').should('be.enabled').type(password);
|
||||
cy.contains('button', 'Login').click();
|
||||
cy.contains('Upstream').should('be.visible');
|
||||
(token = Cypress.env('token')) => {
|
||||
cy.visit('/ui/');
|
||||
cy.get('label').contains('Admin Key');
|
||||
cy.get('input').should('be.enabled').type(token);
|
||||
cy.visit('/ui/');
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
@@ -27,11 +27,8 @@ http:
|
||||
status: 200
|
||||
body:
|
||||
- /apisix_nginx_.*/
|
||||
http://apisix-dashboard:{{ .Vars.dashboard.service.ports.http }}:
|
||||
https://apisix-control-plane:{{ .Vars.controlPlane.service.ports.adminAPI }}/ui/:
|
||||
status: 200
|
||||
https://apisix-dashboard:{{ .Vars.dashboard.service.ports.https }}:
|
||||
status: 200
|
||||
allow-insecure: true
|
||||
http://apisix-ingress-controller:{{ .Vars.ingressController.service.ports.http }}/metrics:
|
||||
status: 200
|
||||
body:
|
||||
|
||||
@@ -33,19 +33,12 @@ controlPlane:
|
||||
metrics:
|
||||
enabled: true
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
adminAPI: 9181
|
||||
adminAPI: 443
|
||||
configServer: 8888
|
||||
https: 9282
|
||||
metrics: 8004
|
||||
dashboard:
|
||||
username: vib-user
|
||||
password: "ComplicatedPassword123!4"
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
http: 80
|
||||
https: 443
|
||||
ingressController:
|
||||
extraConfig:
|
||||
kubernetes:
|
||||
|
||||
@@ -60,8 +60,8 @@
|
||||
"resources": {
|
||||
"path": "/.vib/apisix/cypress"
|
||||
},
|
||||
"endpoint": "lb-apisix-dashboard-http",
|
||||
"app_protocol": "HTTP",
|
||||
"endpoint": "lb-apisix-control-plane-https-admin-api",
|
||||
"app_protocol": "HTTPS",
|
||||
"env": {
|
||||
"username": "vib-user",
|
||||
"password": "ComplicatedPassword123!4"
|
||||
|
||||
@@ -1,8 +1,12 @@
|
||||
# Changelog
|
||||
|
||||
## 5.1.6 (2025-08-18)
|
||||
## 6.0.0 (2025-08-20)
|
||||
|
||||
* [bitnami/apisix] :zap: :arrow_up: Update dependency references ([#36122](https://github.com/bitnami/charts/pull/36122))
|
||||
* [bitnami/apisix] major: Integrate apisix-dashboard into apisix ([#36136](https://github.com/bitnami/charts/pull/36136))
|
||||
|
||||
## <small>5.1.6 (2025-08-18)</small>
|
||||
|
||||
* [bitnami/apisix] :zap: :arrow_up: Update dependency references (#36122) ([9ad91f7](https://github.com/bitnami/charts/commit/9ad91f789a864aaf7edde54e10a17118882b0e0b)), closes [#36122](https://github.com/bitnami/charts/issues/36122)
|
||||
|
||||
## <small>5.1.5 (2025-08-14)</small>
|
||||
|
||||
|
||||
@@ -6,8 +6,6 @@ annotations:
|
||||
images: |
|
||||
- name: apisix
|
||||
image: docker.io/bitnami/apisix:3.13.0-debian-12-r4
|
||||
- name: apisix-dashboard
|
||||
image: docker.io/bitnami/apisix-dashboard:3.0.1-debian-12-r80
|
||||
- name: apisix-ingress-controller
|
||||
image: docker.io/bitnami/apisix-ingress-controller:1.8.4-debian-12-r14
|
||||
- name: os-shell
|
||||
@@ -48,4 +46,4 @@ sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/apisix
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/apisix-dashboard
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/apisix-ingress-controller
|
||||
version: 5.1.6
|
||||
version: 6.0.0
|
||||
|
||||
@@ -58,7 +58,7 @@ To make this process easier, the chart contains the `resourcesPreset` values, wh
|
||||
|
||||
### Prometheus metrics
|
||||
|
||||
This chart can be integrated with Prometheus by setting `*.metrics.enabled` (under the `dataPlane`, `controlPlane` and `ingressController` sections) to true. This will expose the Apisix native Prometheus port in both the containers and services. The services will also have the necessary annotations to be automatically scraped by Prometheus.
|
||||
This chart can be integrated with Prometheus by setting `*.metrics.enabled` (under the `dataPlane`, `controlPlane` and `ingressController` sections) to true. This will expose the APISIX native Prometheus port in both the containers and services. The services will also have the necessary annotations to be automatically scraped by Prometheus.
|
||||
|
||||
#### Prometheus requirements
|
||||
|
||||
@@ -512,6 +512,7 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
|
||||
| `controlPlane.hostNetwork` | Use hostNetwork | `false` |
|
||||
| `controlPlane.dnsPolicy` | DNS policy for APISIX Control Plane pods | `ClusterFirst` |
|
||||
| `controlPlane.useDaemonSet` | Deploy as DaemonSet | `false` |
|
||||
| `controlPlane.dashboardEnabled` | Enable APISIX Control Plane to expose APISIX Dashboards | `true` |
|
||||
| `controlPlane.containerPorts.adminAPI` | APISIX Control Plane Admin API port | `9180` |
|
||||
| `controlPlane.containerPorts.configServer` | APISIX Control Plane config port | `9280` |
|
||||
| `controlPlane.containerPorts.control` | APISIX Control Plane control port | `9090` |
|
||||
@@ -691,171 +692,6 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
|
||||
| `controlPlane.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
|
||||
| `controlPlane.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
|
||||
### APISIX Dashboard Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
|
||||
| `dashboard.enabled` | Enable APISIX Dashboard | `true` |
|
||||
| `dashboard.replicaCount` | Number of APISIX Dashboard replicas to deploy | `1` |
|
||||
| `dashboard.image.registry` | APISIX Dashboard image registry | `REGISTRY_NAME` |
|
||||
| `dashboard.image.repository` | APISIX Dashboard image repository | `REPOSITORY_NAME/apisix-dashboard` |
|
||||
| `dashboard.image.digest` | APISIX Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
|
||||
| `dashboard.image.pullPolicy` | APISIX Dashboard image pull policy | `IfNotPresent` |
|
||||
| `dashboard.image.pullSecrets` | APISIX Dashboard image pull secrets | `[]` |
|
||||
| `dashboard.image.debug` | Enable APISIX Dashboard image debug mode | `false` |
|
||||
| `dashboard.username` | APISIX Dashboard username | `user` |
|
||||
| `dashboard.password` | APISIX Dashboard password | `""` |
|
||||
| `dashboard.existingSecret` | Name of a existing secret containing the password for APISIX Dashboard | `""` |
|
||||
| `dashboard.existingSecretPasswordKey` | Key inside the secret containing the password for APISIX Dashboard | `""` |
|
||||
| `dashboard.defaultConfig` | APISIX Dashboard configuration (evaluated as a template) | `""` |
|
||||
| `dashboard.extraConfig` | extra configuration settings for APISIX Dashboard | `{}` |
|
||||
| `dashboard.existingConfigMap` | name of a ConfigMap with existing configuration for APISIX Dashboard | `""` |
|
||||
| `dashboard.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for APISIX Dashboard | `""` |
|
||||
| `dashboard.tls.enabled` | Enable TLS transport in APISIX Dashboard | `true` |
|
||||
| `dashboard.tls.autoGenerated` | Auto-generate self-signed certificates | `true` |
|
||||
| `dashboard.tls.existingSecret` | Name of a secret containing the certificates | `""` |
|
||||
| `dashboard.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` |
|
||||
| `dashboard.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` |
|
||||
| `dashboard.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` |
|
||||
| `dashboard.tls.cert` | Content of the certificate to be added to the secret | `""` |
|
||||
| `dashboard.tls.key` | Content of the certificate key to be added to the secret | `""` |
|
||||
| `dashboard.tls.ca` | Content of the certificate CA to be added to the secret | `""` |
|
||||
| `dashboard.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `dashboard.hostAliases` | APISIX Dashboard pods host aliases | `[]` |
|
||||
| `dashboard.podLabels` | Extra labels for APISIX Dashboard pods | `{}` |
|
||||
| `dashboard.podAnnotations` | Annotations for APISIX Dashboard pods | `{}` |
|
||||
| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `dashboard.affinity` is set | `""` |
|
||||
| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `dashboard.affinity` is set | `[]` |
|
||||
| `dashboard.affinity` | Affinity for APISIX Dashboard pods assignment | `{}` |
|
||||
| `dashboard.nodeSelector` | Node labels for APISIX Dashboard pods assignment | `{}` |
|
||||
| `dashboard.tolerations` | Tolerations for APISIX Dashboard pods assignment | `[]` |
|
||||
| `dashboard.updateStrategy.type` | APISIX Dashboard statefulset strategy type | `RollingUpdate` |
|
||||
| `dashboard.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
|
||||
| `dashboard.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
|
||||
| `dashboard.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| `dashboard.priorityClassName` | APISIX Dashboard pods' priorityClassName | `""` |
|
||||
| `dashboard.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `dashboard.schedulerName` | Name of the k8s scheduler (other than default) for APISIX Dashboard pods | `""` |
|
||||
| `dashboard.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
|
||||
| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX Dashboard pod(s) | `[]` |
|
||||
| `dashboard.sidecars` | Add additional sidecar containers to the APISIX Dashboard pod(s) | `[]` |
|
||||
| `dashboard.initContainers` | Add additional init containers to the APISIX Dashboard pod(s) | `[]` |
|
||||
| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` |
|
||||
| `dashboard.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `dashboard.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `dashboard.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` |
|
||||
| `dashboard.containerPorts.http` | APISIX Dashboard http container port | `8080` |
|
||||
| `dashboard.containerPorts.https` | APISIX Dashboard https container port | `8443` |
|
||||
| `dashboard.livenessProbe.enabled` | Enable livenessProbe on APISIX Dashboard container | `true` |
|
||||
| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `dashboard.readinessProbe.enabled` | Enable readinessProbe on APISIX Dashboard container | `true` |
|
||||
| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `dashboard.startupProbe.enabled` | Enable startupProbe on APISIX Dashboard container | `false` |
|
||||
| `dashboard.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
|
||||
| `dashboard.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `dashboard.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `dashboard.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `dashboard.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `dashboard.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `dashboard.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production). | `nano` |
|
||||
| `dashboard.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `dashboard.containerSecurityContext.enabled` | Enabled APISIX Dashboard containers' Security Context | `true` |
|
||||
| `dashboard.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `dashboard.containerSecurityContext.runAsUser` | Set APISIX Dashboard containers' Security Context runAsUser | `1001` |
|
||||
| `dashboard.containerSecurityContext.runAsGroup` | Set APISIX Dashboard containers' Security Context runAsGroup | `1001` |
|
||||
| `dashboard.containerSecurityContext.runAsNonRoot` | Set APISIX Dashboard containers' Security Context runAsNonRoot | `true` |
|
||||
| `dashboard.containerSecurityContext.privileged` | Set APISIX Dashboard containers' Security Context privileged | `false` |
|
||||
| `dashboard.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX Dashboard containers' Security Context readOnlyRootFilesystem | `true` |
|
||||
| `dashboard.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX Dashboard containers' privilege escalation | `false` |
|
||||
| `dashboard.containerSecurityContext.capabilities.drop` | Set APISIX Dashboard containers' Security Context capabilities drop | `["ALL"]` |
|
||||
| `dashboard.containerSecurityContext.seccompProfile.type` | Set APISIX Dashboard containers' Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `dashboard.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `dashboard.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `dashboard.lifecycleHooks` | for the APISIX Dashboard container(s) to automate configuration before or after startup | `{}` |
|
||||
| `dashboard.extraEnvVars` | Array with extra environment variables to add to APISIX Dashboard nodes | `[]` |
|
||||
| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for APISIX Dashboard nodes | `""` |
|
||||
| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for APISIX Dashboard nodes | `""` |
|
||||
| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX Dashboard container | `[]` |
|
||||
|
||||
### APISIX Dashboard Traffic Exposure Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `dashboard.service.type` | APISIX Dashboard service type | `LoadBalancer` |
|
||||
| `dashboard.service.ports.http` | APISIX Dashboard service HTTP | `80` |
|
||||
| `dashboard.service.ports.https` | APISIX Dashboard service HTTPS | `443` |
|
||||
| `dashboard.service.nodePorts.http` | Node port for HTTP | `""` |
|
||||
| `dashboard.service.nodePorts.https` | Node port for HTTPS | `""` |
|
||||
| `dashboard.service.clusterIP` | APISIX Dashboard service Cluster IP | `""` |
|
||||
| `dashboard.service.loadBalancerIP` | APISIX Dashboard service Load Balancer IP | `""` |
|
||||
| `dashboard.service.loadBalancerSourceRanges` | APISIX Dashboard service Load Balancer sources | `[]` |
|
||||
| `dashboard.service.externalIPs` | APISIX Dashboard service External IPs | `[]` |
|
||||
| `dashboard.service.externalTrafficPolicy` | APISIX Dashboard service external traffic policy | `Cluster` |
|
||||
| `dashboard.service.annotations` | Additional custom annotations for APISIX Dashboard service | `{}` |
|
||||
| `dashboard.service.extraPorts` | Extra ports to expose in APISIX Dashboard service (normally used with the `sidecars` value) | `[]` |
|
||||
| `dashboard.service.sessionAffinity` | Control where web requests go, to the same pod or round-robin | `None` |
|
||||
| `dashboard.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `dashboard.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `dashboard.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
|
||||
| `dashboard.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `dashboard.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `dashboard.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` |
|
||||
| `dashboard.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `dashboard.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `dashboard.ingress.enabled` | Enable ingress record generation for APISIX Dashboard | `false` |
|
||||
| `dashboard.ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `dashboard.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `dashboard.ingress.hostname` | Default host for the ingress record | `apisix-dashboard.local` |
|
||||
| `dashboard.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
|
||||
| `dashboard.ingress.path` | Default path for the ingress record | `/` |
|
||||
| `dashboard.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `dashboard.ingress.tls` | Enable TLS configuration for the host defined at `dashboard.ingress.hostname` parameter | `false` |
|
||||
| `dashboard.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
|
||||
| `dashboard.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
|
||||
| `dashboard.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `dashboard.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
|
||||
| `dashboard.ingress.secrets` | Custom TLS certificates as secrets | `[]` |
|
||||
| `dashboard.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
|
||||
|
||||
### APISIX Dashboard Autoscaling configuration
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `dashboard.autoscaling.vpa.enabled` | Enable VPA | `false` |
|
||||
| `dashboard.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
|
||||
| `dashboard.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
|
||||
| `dashboard.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
|
||||
| `dashboard.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
|
||||
| `dashboard.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
|
||||
| `dashboard.autoscaling.hpa.enabled` | Enable HPA for APISIX Dashboard | `false` |
|
||||
| `dashboard.autoscaling.hpa.minReplicas` | Minimum number of APISIX Dashboard replicas | `""` |
|
||||
| `dashboard.autoscaling.hpa.maxReplicas` | Maximum number of APISIX Dashboard replicas | `""` |
|
||||
| `dashboard.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `dashboard.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
|
||||
### APISIX Dashboard RBAC Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
|
||||
| `dashboard.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `dashboard.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
||||
| `dashboard.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
|
||||
| `dashboard.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
||||
|
||||
### APISIX Ingress Controller Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
@@ -1109,6 +945,14 @@ Find more information about how to deal with common errors related to Bitnami's
|
||||
|
||||
## Upgrading
|
||||
|
||||
### To 6.0.0
|
||||
|
||||
This major release removes the `bitnami/apisix-dashboard` container and its deployment templates from the chart. Starting APISIX version 3.13.0, the dashboard component has been integrated into the `bitnami/apisix` container.
|
||||
|
||||
APISIX Dashboards no longer have a dedicated service, it will be exposed under the APISIX Control Plane adminAPI service port, under the `/ui` route.
|
||||
|
||||
All `dashboard.*` values have been removed. New value `controlPlane.dashboardEnabled` has been added.
|
||||
|
||||
### To 5.0.0
|
||||
|
||||
This major updates the `etcd` subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [etcd upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/etcd#to-1200).
|
||||
|
||||
@@ -32,9 +32,6 @@ The following controllers have been deployed:
|
||||
{{- if .Values.controlPlane.enabled }}
|
||||
- control-plane
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.enabled }}
|
||||
- dashboard
|
||||
{{- end }}
|
||||
{{- if .Values.ingressController.enabled }}
|
||||
- ingress-controller
|
||||
{{- end }}
|
||||
@@ -45,57 +42,56 @@ Check the status of the pods by running this command:
|
||||
|
||||
kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
|
||||
|
||||
{{- if .Values.dashboard.enabled }}
|
||||
{{- if .Values.controlPlane.dashboardEnabled }}
|
||||
|
||||
APISIX Dashboard:
|
||||
|
||||
Your APISIX Dashboard site can be accessed through the following DNS name from within your cluster:
|
||||
|
||||
{{ include "apisix.dashboard.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.dashboard.service.ports.http }})
|
||||
{{ include "apisix.control-plane.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.controlPlane.service.ports.adminAPI }})
|
||||
|
||||
To access your Apisix site from outside the cluster follow the steps below:
|
||||
To access your APISIX site from outside the cluster follow the steps below:
|
||||
|
||||
{{- if .Values.dashboard.ingress.enabled }}
|
||||
{{- if .Values.controlPlane.ingress.enabled }}
|
||||
|
||||
1. Get the Apisix URL and associate Apisix hostname to your cluster external IP:
|
||||
1. Get the APISIX URL and associate APISIX hostname to your cluster external IP:
|
||||
|
||||
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
|
||||
echo "Apisix URL: http{{ if .Values.dashboard.ingress.tls }}s{{ end }}://{{ .Values.dashboard.ingress.hostname }}/"
|
||||
echo "$CLUSTER_IP {{ .Values.dashboard.ingress.hostname }}" | sudo tee -a /etc/hosts
|
||||
echo "APISIX URL: http{{ if .Values.controlPlane.ingress.tls }}s{{ end }}://{{ .Values.controlPlane.ingress.hostname }}/ui"
|
||||
echo "$CLUSTER_IP {{ .Values.controlPlane.ingress.hostname }}" | sudo tee -a /etc/hosts
|
||||
|
||||
{{- else }}
|
||||
{{- $port := .Values.dashboard.service.ports.http | toString }}
|
||||
{{- $port := .Values.controlPlane.service.ports.adminAPI | toString }}
|
||||
|
||||
1. Get the Apisix URL by running these commands:
|
||||
1. Get the APISIX URL by running these commands:
|
||||
|
||||
{{- if contains "NodePort" .Values.dashboard.service.type }}
|
||||
{{- if contains "NodePort" .Values.controlPlane.service.type }}
|
||||
|
||||
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "apisix.dashboard.fullname" . }})
|
||||
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "apisix.control-plane.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo "Apisix Dashboard URL: http://$NODE_IP:$NODE_PORT/"
|
||||
echo "APISIX Dashboard URL: {{ ternary "https" "http" .Values.controlPlane.tls.enabled }}://$NODE_IP:$NODE_PORT/ui"
|
||||
|
||||
{{- else if contains "LoadBalancer" .Values.dashboard.service.type }}
|
||||
{{- else if contains "LoadBalancer" .Values.controlPlane.service.type }}
|
||||
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "apisix.dashboard.fullname" . }}'
|
||||
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "apisix.control-plane.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "apisix.dashboard.fullname" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
echo "Apisix URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.dashboard.service.ports.http }}{{ end }}/"
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "apisix.control-plane.fullname" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
echo "APISIX Dashboard URL: {{ ternary "https" "http" .Values.controlPlane.tls.enabled }}://$SERVICE_IP:{{ .Values.controlPlane.service.ports.adminAPI }}/ui"
|
||||
|
||||
{{- else if contains "ClusterIP" .Values.dashboard.service.type }}
|
||||
{{- else if contains "ClusterIP" .Values.controlPlane.service.type }}
|
||||
|
||||
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "apisix.dashboard.fullname" . }} {{ .Values.dashboard.service.ports.http }}:{{ .Values.dashboard.service.ports.http }} &
|
||||
echo "Apisix Dashboard URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.dashboard.service.ports.http }}{{ end }}//"
|
||||
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "apisix.control-plane.fullname" . }} {{ .Values.controlPlane.service.ports.adminAPI }}:{{ .Values.controlPlane.service.ports.adminAPI }} &
|
||||
echo "APISIX Dashboard URL: {{ ternary "https" "http" .Values.controlPlane.tls.enabled }}://127.0.0.1:{{ .Values.controlPlane.service.ports.adminAPI }}/ui"
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
2. Open a browser and access APISIX Dashboard using the obtained URL.
|
||||
2. Open a browser and access the APISIX Dashboard using the obtained URL.
|
||||
|
||||
3. Login with the following credentials below:
|
||||
3. Login with the APISIX admin token below:
|
||||
|
||||
echo Username: {{ .Values.dashboard.username }}
|
||||
echo Password: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ include "apisix.dashboard.secretName" . }} -o jsonpath="{.data.{{ include "apisix.dashboard.secretPasswordKey" . }}}" | base64 -d)
|
||||
echo Admin token: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ include "apisix.control-plane.secretName" . }} -o jsonpath="admin-token" | base64 -d)
|
||||
|
||||
{{- end }}
|
||||
|
||||
@@ -107,20 +103,20 @@ APISIX Control Plane:
|
||||
|
||||
{{ include "apisix.control-plane.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.controlPlane.service.ports.adminAPI }})
|
||||
|
||||
To access your Apisix site from outside the cluster follow the steps below:
|
||||
To access your APISIX site from outside the cluster follow the steps below:
|
||||
|
||||
{{- if .Values.controlPlane.ingress.enabled }}
|
||||
|
||||
1. Get the Apisix Control Plane URL and associate Apisix hostname to your cluster external IP:
|
||||
1. Get the APISIX Control Plane URL and associate APISIX hostname to your cluster external IP:
|
||||
|
||||
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
|
||||
echo "Apisix URL: http{{ if .Values.controlPlane.ingress.tls }}s{{ end }}://{{ .Values.controlPlane.ingress.hostname }}/"
|
||||
echo "APISIX URL: http{{ if .Values.controlPlane.ingress.tls }}s{{ end }}://{{ .Values.controlPlane.ingress.hostname }}/"
|
||||
echo "$CLUSTER_IP {{ .Values.controlPlane.ingress.hostname }}" | sudo tee -a /etc/hosts
|
||||
|
||||
{{- else }}
|
||||
{{- $port := .Values.controlPlane.service.ports.adminAPI | toString }}
|
||||
|
||||
1. Get the Apisix URL by running these commands:
|
||||
1. Get the APISIX URL by running these commands:
|
||||
|
||||
{{- if contains "NodePort" .Values.controlPlane.service.type }}
|
||||
|
||||
@@ -134,7 +130,7 @@ APISIX Control Plane:
|
||||
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "apisix.control-plane.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "apisix.control-plane.fullname" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
echo "Apisix URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.controlPlane.service.ports.adminAPI }}{{ end }}/"
|
||||
echo "APISIX URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.controlPlane.service.ports.adminAPI }}{{ end }}/"
|
||||
|
||||
{{- else if contains "ClusterIP" .Values.controlPlane.service.type }}
|
||||
|
||||
@@ -158,20 +154,20 @@ APISIX Data Plane:
|
||||
|
||||
{{ include "apisix.data-plane.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.dataPlane.service.ports.http }})
|
||||
|
||||
To access your Apisix site from outside the cluster follow the steps below:
|
||||
To access your APISIX site from outside the cluster follow the steps below:
|
||||
|
||||
{{- if .Values.dataPlane.ingress.enabled }}
|
||||
|
||||
1. Get the Apisix Data Plane URL and associate Apisix hostname to your cluster external IP:
|
||||
1. Get the APISIX Data Plane URL and associate APISIX hostname to your cluster external IP:
|
||||
|
||||
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
|
||||
echo "Apisix URL: http{{ if .Values.dataPlane.ingress.tls }}s{{ end }}://{{ .Values.dataPlane.ingress.hostname }}/"
|
||||
echo "APISIX URL: http{{ if .Values.dataPlane.ingress.tls }}s{{ end }}://{{ .Values.dataPlane.ingress.hostname }}/"
|
||||
echo "$CLUSTER_IP {{ .Values.dataPlane.ingress.hostname }}" | sudo tee -a /etc/hosts
|
||||
|
||||
{{- else }}
|
||||
{{- $port := .Values.dataPlane.service.ports.http | toString }}
|
||||
|
||||
1. Get the Apisix URL by running these commands:
|
||||
1. Get the APISIX URL by running these commands:
|
||||
|
||||
{{- if contains "NodePort" .Values.dataPlane.service.type }}
|
||||
|
||||
@@ -185,7 +181,7 @@ APISIX Data Plane:
|
||||
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "apisix.data-plane.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "apisix.data-plane.fullname" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
echo "Apisix URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.dataPlane.service.ports.http }}{{ end }}/"
|
||||
echo "APISIX URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.dataPlane.service.ports.http }}{{ end }}/"
|
||||
|
||||
{{- else if contains "ClusterIP" .Values.dataPlane.service.type }}
|
||||
|
||||
@@ -203,9 +199,8 @@ The Ingress Class name to use the APISIX Ingress Controller is: {{ .Values.ingre
|
||||
{{- end }}
|
||||
|
||||
{{- include "common.warnings.rollingTag" .Values.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.dashboard.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.ingressController.image }}
|
||||
{{- include "apisix.validateValues" . }}
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "controlPlane" "dashboard" "dataPlane" "ingressController") "context" $) }}
|
||||
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.dashboard.image .Values.ingressController.image .Values.waitContainer.image) "context" $) }}
|
||||
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.dashboard.image .Values.ingressController.image .Values.waitContainer.image) "context" $) }}
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "controlPlane" "dataPlane" "ingressController") "context" $) }}
|
||||
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.ingressController.image .Values.waitContainer.image) "context" $) }}
|
||||
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.ingressController.image .Values.waitContainer.image) "context" $) }}
|
||||
|
||||
@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "apisix.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.dashboard.image .Values.ingressController.image) "global" .Values.global) -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.ingressController.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
@@ -213,7 +213,7 @@ Name of the ingress-controller ConfigMap
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Name of the dashboard ConfigMap
|
||||
Name of the ingress-controller ConfigMap
|
||||
*/}}
|
||||
{{- define "apisix.ingress-controller.extraConfigmapName" -}}
|
||||
{{- if .Values.ingressController.extraConfigExistingConfigMap -}}
|
||||
@@ -223,87 +223,6 @@ Name of the dashboard ConfigMap
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper APISIX Dashboard image name
|
||||
*/}}
|
||||
{{- define "apisix.dashboard.image" -}}
|
||||
{{- include "common.images.image" (dict "imageRoot" .Values.dashboard.image "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper APISIX Dashboard fullname
|
||||
*/}}
|
||||
{{- define "apisix.dashboard.fullname" -}}
|
||||
{{- printf "%s-%s" (include "common.names.fullname" .) "dashboard" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper APISIX Dashboard fullname (with namespace)
|
||||
*/}}
|
||||
{{- define "apisix.dashboard.fullname.namespace" -}}
|
||||
{{- printf "%s-%s" (include "common.names.fullname.namespace" .) "dashboard" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use (APISIX Dashboard)
|
||||
*/}}
|
||||
{{- define "apisix.dashboard.serviceAccountName" -}}
|
||||
{{- if .Values.dashboard.serviceAccount.create -}}
|
||||
{{- default (include "apisix.dashboard.fullname" .) .Values.dashboard.serviceAccount.name -}}
|
||||
{{- else -}}
|
||||
{{- default "default" .Values.dashboard.serviceAccount.name -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Name of the dashboard ConfigMap
|
||||
*/}}
|
||||
{{- define "apisix.dashboard.defaultConfigmapName" -}}
|
||||
{{- if .Values.dashboard.existingConfigMap -}}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.existingConfigMap "context" $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-default" (include "apisix.dashboard.fullname" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Name of the control-plane ConfigMap
|
||||
*/}}
|
||||
{{- define "apisix.dashboard.extraConfigmapName" -}}
|
||||
{{- if .Values.dashboard.extraConfigExistingConfigMap -}}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraConfigExistingConfigMap "context" $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-extra" (include "apisix.dashboard.fullname" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Name of the control-plane ConfigMap
|
||||
*/}}
|
||||
{{- define "apisix.dashboard.secretName" -}}
|
||||
{{- if .Values.dashboard.existingSecret -}}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.existingSecret "context" $) -}}
|
||||
{{- else -}}
|
||||
{{- include "apisix.dashboard.fullname" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "apisix.dashboard.tlsSecretName" -}}
|
||||
{{- if .Values.dashboard.tls.existingSecret -}}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.tls.existingSecret "context" $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-tls" (include "apisix.dashboard.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "apisix.dashboard.secretPasswordKey" -}}
|
||||
{{- if .Values.dashboard.existingSecretPasswordKey -}}
|
||||
{{- print .Values.dashboard.existingSecretPasswordKey -}}
|
||||
{{- else -}}
|
||||
{{- print "password" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "apisix.wait-container.image" -}}
|
||||
{{- include "common.images.image" (dict "imageRoot" .Values.waitContainer.image "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
@@ -334,6 +253,7 @@ Init container definition for waiting for the database to be ready
|
||||
#!/bin/bash
|
||||
cp -R /opt/bitnami/apisix/conf /usr/local/apisix
|
||||
ln -sf /opt/bitnami/apisix/deps /usr/local/apisix
|
||||
ln -sf /opt/bitnami/apisix/ui /usr/local/apisix
|
||||
ln -sf /opt/bitnami/apisix/openresty/luajit/share/lua/*/apisix /usr/local/apisix
|
||||
mkdir -p /usr/local/apisix/logs
|
||||
{{- if .context.Values.usePasswordFiles }}
|
||||
@@ -344,9 +264,6 @@ Init container definition for waiting for the database to be ready
|
||||
{{- if (include "apisix.etcd.authEnabled" .context) }}
|
||||
export APISIX_ETCD_PASSWORD="$(< $APISIX_ETCD_PASSWORD_FILE)"
|
||||
{{- end }}
|
||||
{{- if eq .component "dashboard" }}
|
||||
export APISIX_DASHBOARD_PASSWORD="$(< $APISIX_DASHBOARD_PASSWORD_FILE)"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
# Build final config.yaml with the sections of the different files
|
||||
cp /bitnami/apisix/rendered-conf/config.yaml /usr/local/apisix/conf/
|
||||
@@ -418,7 +335,7 @@ Init container definition for waiting for the database to be ready
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if and .context.Values.usePasswordFiles (or (eq .component "dashboard") .context.Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .context)) }}
|
||||
{{- if and .context.Values.usePasswordFiles (or .context.Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .context)) }}
|
||||
- name: apisix-secrets
|
||||
mountPath: /opt/bitnami/apisix/secrets
|
||||
{{- end }}
|
||||
@@ -559,7 +476,7 @@ Init container definition for waiting for the database to be ready
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Render configuration for the dashboard and ingress-controller components
|
||||
Render configuration for the APISIX components
|
||||
*/}}
|
||||
{{- define "apisix.renderConfInitContainer" -}}
|
||||
# This init container renders and merges the APISIX configuration files, as well
|
||||
@@ -575,8 +492,6 @@ Render configuration for the dashboard and ingress-controller components
|
||||
{{- $block = index .context.Values "controlPlane" }}
|
||||
{{- else if eq .component "data-plane" }}
|
||||
{{- $block = index .context.Values "dataPlane" }}
|
||||
{{- else }}
|
||||
{{- $block = index .context.Values "dashboard" }}
|
||||
{{- end }}
|
||||
{{- if $block.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $block.containerSecurityContext "context" .context) | nindent 4 }}
|
||||
@@ -595,9 +510,6 @@ Render configuration for the dashboard and ingress-controller components
|
||||
{{- if (include "apisix.etcd.authEnabled" .context) }}
|
||||
export APISIX_ETCD_PASSWORD="$(< $APISIX_ETCD_PASSWORD_FILE)"
|
||||
{{- end }}
|
||||
{{- if eq .component "dashboard" }}
|
||||
export APISIX_DASHBOARD_PASSWORD="$(< $APISIX_DASHBOARD_PASSWORD_FILE)"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
find /bitnami/apisix/conf -type f -name *.yaml -print0 | sort -z | xargs -0 yq eval-all '. as $item ireduce ({}; . * $item )' > /bitnami/apisix/rendered-conf/pre-render-config.yaml
|
||||
render-template /bitnami/apisix/rendered-conf/pre-render-config.yaml > /bitnami/apisix/rendered-conf/config.yaml
|
||||
@@ -639,20 +551,6 @@ Render configuration for the dashboard and ingress-controller components
|
||||
key: {{ include "apisix.etcd.secretPasswordKey" .context }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .component "dashboard" }}
|
||||
- name: APISIX_DASHBOARD_USER
|
||||
value: {{ $block.username | quote }}
|
||||
{{- if .context.Values.usePasswordFiles }}
|
||||
- name: APISIX_DASHBOARD_PASSWORD_FILE
|
||||
value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.dashboard.secretPasswordKey" .context) }}
|
||||
{{- else }}
|
||||
- name: APISIX_DASHBOARD_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "apisix.dashboard.secretName" .context }}
|
||||
key: {{ include "apisix.dashboard.secretPasswordKey" .context }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $block.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" $block.extraEnvVars "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -671,7 +569,7 @@ Render configuration for the dashboard and ingress-controller components
|
||||
subPath: app-conf-dir
|
||||
- name: config
|
||||
mountPath: /bitnami/apisix/conf/00_default
|
||||
{{- if and .context.Values.usePasswordFiles (or (eq .component "dashboard") .context.Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .context)) }}
|
||||
{{- if and .context.Values.usePasswordFiles (or .context.Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .context)) }}
|
||||
- name: apisix-secrets
|
||||
mountPath: /opt/bitnami/apisix/secrets
|
||||
{{- end }}
|
||||
@@ -764,7 +662,7 @@ Validate values for APISIX.
|
||||
Function to validate the controller deployment
|
||||
*/}}
|
||||
{{- define "apisix.validateValues.controllers" -}}
|
||||
{{- if not (or .Values.dataPlane.enabled .Values.controlPlane.enabled .Values.dashboard.enabled .Values.ingressController.enabled) -}}
|
||||
{{- if not (or .Values.dataPlane.enabled .Values.controlPlane.enabled .Values.ingressController.enabled) -}}
|
||||
apisix: Missing controllers. At least one controller should be enabled.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.dashboard.enabled (not .Values.dashboard.existingConfigMap) }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ printf "%s-default" (include "apisix.dashboard.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
config.yaml: |
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.defaultConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -1,214 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.dashboard.enabled }}
|
||||
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.dashboard.updateStrategy }}
|
||||
strategy: {{- toYaml .Values.dashboard.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if not .Values.dashboard.autoscaling.hpa.enabled }}
|
||||
replicas: {{ .Values.dashboard.replicaCount }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/dashboard/configmap.yaml") . | sha256sum }}
|
||||
checksum/config-extra: {{ include (print $.Template.BasePath "/dashboard/extra-configmap.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/dashboard/secret.yaml") . | sha256sum }}
|
||||
{{- if .Values.dashboard.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
spec:
|
||||
serviceAccountName: {{ template "apisix.dashboard.serviceAccountName" . }}
|
||||
{{- include "apisix.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.dashboard.automountServiceAccountToken }}
|
||||
{{- if .Values.dashboard.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAffinityPreset "component" "csi-provider" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAntiAffinityPreset "component" "csi-provider" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dashboard.nodeAffinityPreset.type "key" .Values.dashboard.nodeAffinityPreset.key "values" .Values.dashboard.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.tolerations "context" .) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.priorityClassName }}
|
||||
priorityClassName: {{ .Values.dashboard.priorityClassName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.schedulerName }}
|
||||
schedulerName: {{ .Values.dashboard.schedulerName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.topologySpreadConstraints "context" .) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.podSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.dashboard.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
{{- include "apisix.waitForETCDInitContainer" . | nindent 8 }}
|
||||
{{- include "apisix.renderConfInitContainer" (dict "component" "dashboard" "context" $) | nindent 8 }}
|
||||
{{- if .Values.dashboard.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: apisix-dashboard
|
||||
image: {{ template "apisix.dashboard.image" . }}
|
||||
imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }}
|
||||
{{- if .Values.dashboard.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
{{- else if .Values.dashboard.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.command "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else if .Values.dashboard.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.args "context" $) | nindent 12 }}
|
||||
{{- else }}
|
||||
args:
|
||||
- -c
|
||||
- /bitnami/apisix/conf/config.yaml
|
||||
- -p
|
||||
- /opt/bitnami/apisix-dashboard
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if .Values.dashboard.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVars "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- if .Values.dashboard.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsCM "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsSecret "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.resources }}
|
||||
resources: {{- toYaml .Values.dashboard.resources | nindent 12 }}
|
||||
{{- else if ne .Values.dashboard.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.dashboard.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.dashboard.containerPorts.http }}
|
||||
- name: https
|
||||
containerPort: {{ .Values.dashboard.containerPorts.https }}
|
||||
{{- if not .Values.diagnosticMode.enabled }}
|
||||
{{- if .Values.dashboard.customLivenessProbe }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customLivenessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.dashboard.livenessProbe.enabled }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dashboard.livenessProbe "enabled") "context" $) | nindent 12 }}
|
||||
tcpSocket:
|
||||
port: http
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.customReadinessProbe }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customReadinessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.dashboard.readinessProbe.enabled }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dashboard.readinessProbe "enabled") "context" $) | nindent 12 }}
|
||||
httpGet:
|
||||
path: /ping
|
||||
port: http
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.customStartupProbe }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customStartupProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.dashboard.startupProbe.enabled }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.dashboard.startupProbe "enabled") "context" $) | nindent 12 }}
|
||||
httpGet:
|
||||
path: /ping
|
||||
port: http
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /bitnami/apisix/conf
|
||||
subPath: app-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/apisix-dashboard/logs
|
||||
subPath: app-logs-dir
|
||||
{{- if .Values.dashboard.tls.enabled }}
|
||||
- name: certs
|
||||
mountPath: /bitnami/certs
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.sidecars }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ include "apisix.dashboard.defaultConfigmapName" . }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: apisix-secrets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: {{ include "apisix.dashboard.secretName" . }}
|
||||
{{- if (include "apisix.etcd.authEnabled" .) }}
|
||||
- secret:
|
||||
name: {{ include "apisix.etcd.secretName" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.controlPlane.enabled }}
|
||||
- secret:
|
||||
name: {{ include "apisix.control-plane.secretName" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or .Values.dashboard.extraConfig .Values.dashboard.extraConfigExistingConfigMap }}
|
||||
- name: extra-config
|
||||
configMap:
|
||||
name: {{ include "apisix.dashboard.extraConfigmapName" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.tls.enabled }}
|
||||
- name: certs
|
||||
secret:
|
||||
secretName: {{ template "apisix.dashboard.tlsSecretName" . }}
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.dashboard.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,23 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.dashboard.enabled .Values.dashboard.extraConfig (not .Values.dashboard.extraConfigExistingConfigMap) }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ printf "%s-extra" (include "apisix.dashboard.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
01_extra-config.yaml: |
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -1,42 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.dashboard.autoscaling.hpa.enabled }}
|
||||
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
name: {{ template "apisix.dashboard.fullname" . }}
|
||||
minReplicas: {{ .Values.dashboard.autoscaling.hpa.minReplicas }}
|
||||
maxReplicas: {{ .Values.dashboard.autoscaling.hpa.maxReplicas }}
|
||||
metrics:
|
||||
{{- if .Values.dashboard.autoscaling.hpa.targetCPU }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ .Values.dashboard.autoscaling.hpa.targetCPU }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.autoscaling.hpa.targetMemory }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: {{ .Values.dashboard.autoscaling.hpa.targetMemory }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,50 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.dashboard.ingress.enabled }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
{{- if .Values.dashboard.ingress.secrets }}
|
||||
{{- range .Values.dashboard.ingress.secrets }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ include "common.names.namespace" $ | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if $.Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: {{ .certificate | b64enc }}
|
||||
tls.key: {{ .key | b64enc }}
|
||||
---
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.dashboard.ingress.tls .Values.dashboard.ingress.selfSigned }}
|
||||
{{- $secretName := printf "%s-tls" .Values.dashboard.ingress.hostname }}
|
||||
{{- $ca := genCA "server-ca" 365 }}
|
||||
{{- $cert := genSignedCert .Values.dashboard.ingress.hostname nil (list .Values.dashboard.ingress.hostname) 365 $ca }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
|
||||
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
|
||||
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,59 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.dashboard.enabled .Values.dashboard.ingress.enabled }}
|
||||
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ template "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if or .Values.dashboard.ingress.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.dashboard.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.dashboard.ingress.ingressClassName | quote }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.dashboard.ingress.hostname }}
|
||||
- host: {{ .Values.dashboard.ingress.hostname }}
|
||||
http:
|
||||
paths:
|
||||
{{- if .Values.dashboard.ingress.extraPaths }}
|
||||
{{- toYaml .Values.dashboard.ingress.extraPaths | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ .Values.dashboard.ingress.path }}
|
||||
pathType: {{ .Values.dashboard.ingress.pathType }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "apisix.dashboard.fullname" . | trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- range .Values.dashboard.ingress.extraHosts }}
|
||||
- host: {{ .name | quote }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ default "/" .path }}
|
||||
pathType: {{ default "ImplementationSpecific" .pathType }}
|
||||
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "apisix.dashboard.fullname" $ | trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.ingress.extraRules }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.ingress.extraRules "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.dashboard.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.dashboard.ingress.annotations )) .Values.dashboard.ingress.selfSigned)) .Values.dashboard.ingress.extraTls }}
|
||||
tls:
|
||||
{{- if and .Values.dashboard.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.dashboard.ingress.annotations )) .Values.dashboard.ingress.selfSigned) }}
|
||||
- hosts:
|
||||
- {{ .Values.dashboard.ingress.hostname | quote }}
|
||||
secretName: {{ printf "%s-tls" .Values.dashboard.ingress.hostname }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.ingress.extraTls }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.ingress.extraTls "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,82 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.dashboard.enabled .Values.dashboard.networkPolicy.enabled }}
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ template "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
{{- if .Values.dashboard.networkPolicy.allowExternalEgress }}
|
||||
egress:
|
||||
- {}
|
||||
{{- else }}
|
||||
egress:
|
||||
- ports:
|
||||
# Allow dns resolution
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# Allow outbound connections to etcd
|
||||
- ports:
|
||||
- port: {{ include "apisix.etcd.port" . }}
|
||||
to:
|
||||
{{- if .Values.etcd.enabled }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: etcd
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.networkPolicy.extraEgress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.dashboard.containerPorts.http }}
|
||||
- port: {{ .Values.dashboard.containerPorts.https }}
|
||||
{{- if not .Values.dashboard.networkPolicy.allowExternal }}
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{ template "apisix.dashboard.fullname" . }}-client: "true"
|
||||
{{- if .Values.dashboard.networkPolicy.ingressNSMatchLabels }}
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.networkPolicy.extraIngress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,32 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.dashboard.pdb.create }}
|
||||
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.dashboard.pdb.minAvailable }}
|
||||
minAvailable: {{ .Values.dashboard.pdb.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if or .Values.dashboard.pdb.maxUnavailable ( not .Values.dashboard.pdb.minAvailable ) }}
|
||||
maxUnavailable: {{ .Values.dashboard.pdb.maxUnavailable | default 1 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- end }}
|
||||
@@ -1,23 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.dashboard.enabled (not .Values.dashboard.existingSecret) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "apisix.dashboard.fullname" .) "key" "password" "length" 10 "providedValues" (list "dashboard.password") "honorProvidedValues" true "context" $) }}
|
||||
{{- end }}
|
||||
@@ -1,20 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.dashboard.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "apisix.dashboard.serviceAccountName" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.dashboard.serviceAccount.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.dashboard.serviceAccount.automountServiceAccountToken }}
|
||||
{{- end }}
|
||||
@@ -1,72 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.dashboard.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if or .Values.dashboard.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.dashboard.service.type }}
|
||||
{{- if and .Values.dashboard.service.clusterIP (eq .Values.dashboard.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.dashboard.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.dashboard.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.service.sessionAffinityConfig }}
|
||||
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.service.sessionAffinityConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.dashboard.service.type "LoadBalancer") (eq .Values.dashboard.service.type "NodePort") }}
|
||||
externalTrafficPolicy: {{ .Values.dashboard.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.dashboard.service.type "LoadBalancer") (not (empty .Values.dashboard.service.loadBalancerSourceRanges)) }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.dashboard.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.dashboard.service.type "LoadBalancer") (not (empty .Values.dashboard.service.loadBalancerIP)) }}
|
||||
loadBalancerIP: {{ .Values.dashboard.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.service.externalIPs }}
|
||||
externalIPs: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.service.externalIPs "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.dashboard.service.ports.http }}
|
||||
protocol: TCP
|
||||
{{- if and (or (eq .Values.dashboard.service.type "NodePort") (eq .Values.dashboard.service.type "LoadBalancer")) (not (empty .Values.dashboard.service.nodePorts.http)) }}
|
||||
nodePort: {{ .Values.dashboard.service.nodePorts.http }}
|
||||
{{- else if eq .Values.dashboard.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
targetPort: http
|
||||
{{- if .Values.dashboard.tls.enabled }}
|
||||
- name: https
|
||||
port: {{ .Values.dashboard.service.ports.https }}
|
||||
protocol: TCP
|
||||
{{- if and (or (eq .Values.dashboard.service.type "NodePort") (eq .Values.dashboard.service.type "LoadBalancer")) (not (empty .Values.dashboard.service.nodePorts.https)) }}
|
||||
nodePort: {{ .Values.dashboard.service.nodePorts.https }}
|
||||
{{- else if eq .Values.dashboard.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
targetPort: https
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.service.extraPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.service.extraPorts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- end }}
|
||||
@@ -1,47 +0,0 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.dashboard.autoscaling.vpa.enabled }}
|
||||
apiVersion: {{ include "common.capabilities.vpa.apiVersion" . }}
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ include "apisix.dashboard.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if or .Values.dashboard.autoscaling.vpa.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
resourcePolicy:
|
||||
containerPolicies:
|
||||
- containerName: apisix-dashboard
|
||||
{{- with .Values.dashboard.autoscaling.vpa.controlledResources }}
|
||||
controlledResources:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.dashboard.autoscaling.vpa.maxAllowed }}
|
||||
maxAllowed:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.dashboard.autoscaling.vpa.minAllowed }}
|
||||
minAllowed:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
targetRef:
|
||||
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
name: {{ include "apisix.dashboard.fullname" . }}
|
||||
{{- if .Values.dashboard.autoscaling.vpa.updatePolicy }}
|
||||
updatePolicy:
|
||||
{{- with .Values.dashboard.autoscaling.vpa.updatePolicy.updateMode }}
|
||||
updateMode: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -101,35 +101,3 @@ data:
|
||||
{{- end }}
|
||||
---
|
||||
{{- end }}
|
||||
{{- if and .Values.dashboard.enabled .Values.dashboard.tls.enabled (not .Values.dashboard.tls.existingSecret) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-tls" (include "apisix.dashboard.fullname" .) }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/part-of: apisix
|
||||
app.kubernetes.io/component: dashboard
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
{{- if .Values.dashboard.tls.autoGenerated }}
|
||||
{{- $cert := genSignedCert (include "apisix.dashboard.fullname" .) nil (list (include "apisix.dashboard.fullname" .) (printf "%s.%s" (include "apisix.dashboard.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc" (include "apisix.dashboard.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc.%s" (include "apisix.dashboard.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain)) 365 $ca }}
|
||||
{{ .Values.dashboard.tls.certFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "apisix.dashboard.fullname" .)) "key" .Values.dashboard.tls.certFilename "defaultValue" $cert.Cert "context" $) }}
|
||||
{{ .Values.dashboard.tls.certKeyFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "apisix.dashboard.fullname" .)) "key" .Values.dashboard.tls.certKeyFilename "defaultValue" $cert.Key "context" $) }}
|
||||
{{ .Values.dashboard.tls.certCAFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "apisix.dashboard.fullname" .)) "key" .Values.dashboard.tls.certCAFilename "defaultValue" $ca.Cert "context" $) }}
|
||||
{{- else }}
|
||||
{{- if .Values.dashboard.tls.cert }}
|
||||
{{ .Values.dashboard.tls.certFilename }}: {{ .Values.dashboard.tls.cert | b64enc }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.tls.key }}
|
||||
{{ .Values.dashboard.tls.certKeyFilename }}: {{ .Values.dashboard.tls.key | b64enc }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboard.tls.ca }}
|
||||
{{ .Values.dashboard.tls.certCAFilename }}: {{ .Values.dashboard.tls.ca | b64enc }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- end }}
|
||||
|
||||
@@ -413,7 +413,7 @@
|
||||
},
|
||||
"defaultConfig": {
|
||||
"type": "string",
|
||||
"description": "Apisix apisix configuration (evaluated as a template)",
|
||||
"description": "APISIX apisix configuration (evaluated as a template)",
|
||||
"default": "{{- if .Values.dataPlane.metrics.enabled }}\nplugin_attr:\n prometheus:\n export_uri: /apisix/prometheus/metrics\n metric_prefix: apisix_\n enable_export_server: true\n export_addr:\n ip: 0.0.0.0\n port: {{ .Values.dataPlane.containerPorts.metrics }}\n{{- end }}\napisix:\n node_listen: {{ .Values.dataPlane.containerPorts.http }}\n enable_admin: false\n {{- if .Values.dataPlane.tls.enabled }}\n ssl:\n enable: true\n listen:\n - port: {{ .Values.dataPlane.containerPorts.https }}\n ssl_trusted_certificate: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}\n enable_http2: true\n {{- end }}\n control:\n ip: 0.0.0.0\n port: {{ .Values.dataPlane.containerPorts.control }}\nnginx_config:\n error_log: /dev/stderr\n stream:\n access_log: /dev/stdout\n http:\n access_log: /dev/stdout\n http_configuration_snippet: |\n proxy_buffering off;\ndeployment:\n role: data_plane\n role_data_plane:\n config_provider: etcd\n {{- if .Values.controlPlane.enabled }}\n control_plane:\n host:\n - {{ ternary \"https\" \"http\" .Values.controlPlane.tls.enabled }}://{{ include \"apisix.control-plane.fullname\" . }}:{{ .Values.controlPlane.service.ports.configServer }}\n prefix: /apisix\n timeout: 30\n {{- end }}\n {{- if .Values.dataPlane.tls.enabled }}\n certs:\n {{- if .Values.dataPlane.tls.enabled }}\n cert: /bitnami/certs/{{ .Values.dataPlane.tls.certFilename }}\n cert_key: /bitnami/certs/{{ .Values.dataPlane.tls.certKeyFilename }}\n {{- if .Values.dataPlane.tls.certCAFilename }}\n client_ca_cert: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}\n {{- end }}\n {{- end }}\n {{- end }}\ndiscovery:\n kubernetes:\n service:\n # apiserver schema, options [http, https]\n schema: https #default https\n\n # apiserver host, options [ipv4, ipv6, domain, environment variable]\n host: ${KUBERNETES_SERVICE_HOST} #default ${KUBERNETES_SERVICE_HOST}\n\n # apiserver port, options [port number, environment variable]\n port: ${KUBERNETES_SERVICE_PORT} #default ${KUBERNETES_SERVICE_PORT}\n\n client:\n # serviceaccount token or token_file\n token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n default_weight: 50 # weight assigned to each discovered endpoint. default 50, minimum 0\n"
|
||||
},
|
||||
"existingConfigMap": {
|
||||
@@ -726,7 +726,7 @@
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable ingress record generation for Apisix",
|
||||
"description": "Enable ingress record generation for APISIX",
|
||||
"default": false
|
||||
},
|
||||
"pathType": {
|
||||
@@ -1320,7 +1320,7 @@
|
||||
},
|
||||
"defaultConfig": {
|
||||
"type": "string",
|
||||
"description": "Apisix apisix configuration (evaluated as a template)",
|
||||
"description": "APISIX apisix configuration (evaluated as a template)",
|
||||
"default": "{{- if .Values.controlPlane.metrics.enabled }}\nplugin_attr:\n prometheus:\n export_uri: /apisix/prometheus/metrics\n metric_prefix: apisix_\n enable_export_server: true\n export_addr:\n ip: 0.0.0.0\n port: {{ .Values.controlPlane.containerPorts.metrics }}\n{{- end }}\nnginx_config:\n error_log: /dev/stderr\n stream:\n access_log: /dev/stdout\n http:\n access_log: /dev/stdout\n http_configuration_snippet: |\n proxy_buffering off;\napisix:\n control:\n ip: 0.0.0.0\n port: {{ .Values.controlPlane.containerPorts.control }}\ndeployment:\n role: control_plane\n role_control_plane:\n config_provider: etcd\n conf_server:\n listen: 0.0.0.0:{{ .Values.controlPlane.containerPorts.configServer }}\n cert: /bitnami/certs/{{ .Values.controlPlane.tls.certFilename }}\n cert_key: /bitnami/certs/{{ .Values.controlPlane.tls.certKeyFilename }}\n etcd:\n host:\n {{- if .Values.etcd.enabled }}\n {{- $replicas := $.Values.etcd.replicaCount | int }}\n {{- range $i, $_e := until $replicas }}\n - {{ printf \"%s://%s-%d.%s:%v\" (ternary \"https\" \"http\" $.Values.etcd.auth.client.secureTransport) (include \"apisix.etcd.fullname\" $ ) $i (include \"apisix.etcd.headlessServiceName\" $) ( include \"apisix.etcd.port\" $ ) }} {{- end }}\n {{- else }}\n {{- range $node := .Values.externalEtcd.servers }}\n - {{ ternary \"https\" \"http\" $.Values.externalEtcd.secureTransport }}://{{ printf \"%s:%v\" $node (include \"apisix.etcd.port\" $) }}\n {{- end }}\n {{- end }}\n prefix: /apisix\n timeout: 30\n use_grpc: false\n startup_retry: 60\n {{- if (include \"apisix.etcd.authEnabled\" .) }}\n user: \"{{ print \"{{APISIX_ETCD_USER}}\" }}\"\n password: \"{{ print \"{{APISIX_ETCD_PASSWORD}}\" }}\"\n {{- end }}\n {{- if .Values.controlPlane.tls.enabled }}\n certs:\n {{- if .Values.controlPlane.tls.enabled }}\n cert: /bitnami/certs/{{ .Values.controlPlane.tls.certFilename }}\n cert_key: /bitnami/certs/{{ .Values.controlPlane.tls.certKeyFilename }}\n {{- if .Values.controlPlane.tls.certCAFilename }}\n client_ca_cert: /bitnami/certs/{{ .Values.controlPlane.tls.certCAFilename }}\n {{- end }}\n {{- end }}\n {{- end }}\n admin:\n {{- if .Values.controlPlane.tls.enabled }}\n https_admin: true\n admin_api_mtls:\n admin_ssl_cert: /bitnami/certs/{{ .Values.controlPlane.tls.certFilename }}\n admin_ssl_cert_key: /bitnami/certs/{{ .Values.controlPlane.tls.certKeyFilename }}\n {{- end }}\n\n allow_admin:\n - 0.0.0.0/0\n\n admin_key:\n - name: admin\n key: \"{{ print \"{{APISIX_ADMIN_API_TOKEN}}\" }}\"\n role: admin\n - name: viewer\n key: \"{{ print \"{{APISIX_VIEWER_API_TOKEN}}\" }}\"\n role: viewer\n admin_listen:\n port: {{ .Values.controlPlane.containerPorts.adminAPI }}\n enable_admin_cors: true # Admin API support CORS response headers.\ndiscovery:\n kubernetes:\n service:\n schema: https #default https\n\n # apiserver host, options [ipv4, ipv6, domain, environment variable]\n host: ${KUBERNETES_SERVICE_HOST}\n\n # apiserver port, options [port number, environment variable]\n port: ${KUBERNETES_SERVICE_PORT}\n\n client:\n # serviceaccount token or token_file\n token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n default_weight: 50 # weight assigned to each discovered endpoint. default 50, minimum 0\n"
|
||||
},
|
||||
"existingConfigMap": {
|
||||
@@ -1633,7 +1633,7 @@
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable ingress record generation for Apisix",
|
||||
"description": "Enable ingress record generation for APISIX",
|
||||
"default": false
|
||||
},
|
||||
"pathType": {
|
||||
@@ -1924,786 +1924,6 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"dashboard": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable APISIX Dashboard",
|
||||
"default": true
|
||||
},
|
||||
"replicaCount": {
|
||||
"type": "number",
|
||||
"description": "Number of APISIX Dashboard replicas to deploy",
|
||||
"default": 1
|
||||
},
|
||||
"image": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"registry": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard image registry",
|
||||
"default": "docker.io"
|
||||
},
|
||||
"repository": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard image repository",
|
||||
"default": "bitnami/apisix-dashboard"
|
||||
},
|
||||
"tag": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard image tag (immutable tags are recommended)",
|
||||
"default": "3.0.1-debian-11-r2"
|
||||
},
|
||||
"digest": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)",
|
||||
"default": ""
|
||||
},
|
||||
"pullPolicy": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard image pull policy",
|
||||
"default": "IfNotPresent"
|
||||
},
|
||||
"pullSecrets": {
|
||||
"type": "array",
|
||||
"description": "APISIX Dashboard image pull secrets",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"debug": {
|
||||
"type": "boolean",
|
||||
"description": "Enable APISIX Dashboard image debug mode",
|
||||
"default": false
|
||||
}
|
||||
}
|
||||
},
|
||||
"username": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard username",
|
||||
"default": "user"
|
||||
},
|
||||
"password": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard password",
|
||||
"default": ""
|
||||
},
|
||||
"existingSecret": {
|
||||
"type": "string",
|
||||
"description": "Name of a existing secret containing the password for APISIX Dashboard",
|
||||
"default": ""
|
||||
},
|
||||
"existingSecretPasswordKey": {
|
||||
"type": "string",
|
||||
"description": "Key inside the secret containing the password for APISIX Dashboard",
|
||||
"default": ""
|
||||
},
|
||||
"defaultConfig": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard configuration (evaluated as a template)",
|
||||
"default": "conf:\n listen:\n host: 0.0.0.0\n port: {{ .Values.dashboard.containerPorts.http }}\n {{- if .Values.dashboard.tls.enabled }}\n ssl:\n host: 0.0.0.0\n port: {{ .Values.dashboard.containerPorts.https }}\n cert: /bitnami/certs/{{ .Values.dashboard.tls.certFilename }}\n key: /bitnami/certs/{{ .Values.dashboard.tls.certKeyFilename }}\n {{- end }}\n etcd:\n prefix: \"/apisix\"\n endpoints:\n {{- if .Values.etcd.enabled }}\n {{- $replicas := $.Values.etcd.replicaCount | int }}\n {{- range $i, $_e := until $replicas }}\n - {{ printf \"%s://%s-%d.%s:%v\" (ternary \"https\" \"http\" $.Values.etcd.auth.client.secureTransport) (include \"apisix.etcd.fullname\" $ ) $i (include \"apisix.etcd.headlessServiceName\" $) ( include \"apisix.etcd.port\" $ ) }} {{- end }}\n {{- else }}\n {{- range $node :=.Values.externalEtcd.servers }}\n - {{ printf \"%s:%v\" $node (include \"apisix.etcd.port\" $) }}\n {{- end }}\n {{- end }}\n {{- if (include \"apisix.etcd.authEnabled\" .) }}\n username: \"{{ print \"{{ APISIX_ETCD_USER }}\" }}\"\n password: \"{{ print \"{{ APISIX_ETCD_PASSWORD }}\" }}\"\n {{- end }}\n log:\n error_log:\n level: warn\n file_path: /dev/stderr\n access_log:\n file_path: /dev/stdout\nauthentication:\n secret: secret\n expire_time: 3600\n users:\n - username: \"{{ print \"{{ APISIX_DASHBOARD_USER }}\" }}\"\n password: \"{{ print \"{{ APISIX_DASHBOARD_PASSWORD }}\" }}\"\n"
|
||||
},
|
||||
"extraConfig": {
|
||||
"type": ["object", "string"],
|
||||
"description": "extra configuration settings for APISIX Dashboard",
|
||||
"default": {}
|
||||
},
|
||||
"existingConfigMap": {
|
||||
"type": "string",
|
||||
"description": "name of a ConfigMap with existing configuration for the Dashboard",
|
||||
"default": ""
|
||||
},
|
||||
"extraConfigExistingConfigMap": {
|
||||
"type": "string",
|
||||
"description": "name of a ConfigMap with existing configuration for the Dashboard",
|
||||
"default": ""
|
||||
},
|
||||
"tls": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable TLS transport in Dashboard",
|
||||
"default": true
|
||||
},
|
||||
"autoGenerated": {
|
||||
"type": "boolean",
|
||||
"description": "Auto-generate self-signed certificates",
|
||||
"default": true
|
||||
},
|
||||
"existingSecret": {
|
||||
"type": "string",
|
||||
"description": "Name of a secret containing the certificates",
|
||||
"default": ""
|
||||
},
|
||||
"certFilename": {
|
||||
"type": "string",
|
||||
"description": "Path of the certificate file when mounted as a secret",
|
||||
"default": "tls.crt"
|
||||
},
|
||||
"certKeyFilename": {
|
||||
"type": "string",
|
||||
"description": "Path of the certificate key file when mounted as a secret",
|
||||
"default": "tls.key"
|
||||
},
|
||||
"certCAFilename": {
|
||||
"type": "string",
|
||||
"description": "Path of the certificate CA file when mounted as a secret",
|
||||
"default": "ca.crt"
|
||||
},
|
||||
"cert": {
|
||||
"type": "string",
|
||||
"description": "Content of the certificate to be added to the secret",
|
||||
"default": ""
|
||||
},
|
||||
"key": {
|
||||
"type": "string",
|
||||
"description": "Content of the certificate key to be added to the secret",
|
||||
"default": ""
|
||||
},
|
||||
"ca": {
|
||||
"type": "string",
|
||||
"description": "Content of the certificate CA to be added to the secret",
|
||||
"default": ""
|
||||
}
|
||||
}
|
||||
},
|
||||
"hostAliases": {
|
||||
"type": ["array", "string"],
|
||||
"description": "APISIX Dashboard pods host aliases",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"podLabels": {
|
||||
"type": "object",
|
||||
"description": "Extra labels for APISIX Dashboard pods",
|
||||
"default": {}
|
||||
},
|
||||
"podAnnotations": {
|
||||
"type": ["object", "string"],
|
||||
"description": "Annotations for APISIX Dashboard pods",
|
||||
"default": {}
|
||||
},
|
||||
"podAffinityPreset": {
|
||||
"type": "string",
|
||||
"description": "Pod affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard`",
|
||||
"default": ""
|
||||
},
|
||||
"podAntiAffinityPreset": {
|
||||
"type": "string",
|
||||
"description": "Pod anti-affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard`",
|
||||
"default": "soft"
|
||||
},
|
||||
"nodeAffinityPreset": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"type": {
|
||||
"type": "string",
|
||||
"description": "Node affinity preset type. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard`",
|
||||
"default": ""
|
||||
},
|
||||
"key": {
|
||||
"type": "string",
|
||||
"description": "Node label key to match. Ignored if `dashboard.affinity` is set",
|
||||
"default": ""
|
||||
},
|
||||
"values": {
|
||||
"type": "array",
|
||||
"description": "Node label values to match. Ignored if `dashboard.affinity` is set",
|
||||
"default": [],
|
||||
"items": {}
|
||||
}
|
||||
}
|
||||
},
|
||||
"affinity": {
|
||||
"type": ["object", "string"],
|
||||
"description": "Affinity for APISIX Dashboard pods assignment",
|
||||
"default": {}
|
||||
},
|
||||
"nodeSelector": {
|
||||
"type": ["object", "string"],
|
||||
"description": "Node labels for APISIX Dashboard pods assignment",
|
||||
"default": {}
|
||||
},
|
||||
"tolerations": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Tolerations for APISIX Dashboard pods assignment",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"updateStrategy": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"type": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard statefulset strategy type",
|
||||
"default": "RollingUpdate"
|
||||
}
|
||||
}
|
||||
},
|
||||
"priorityClassName": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard pods' priorityClassName",
|
||||
"default": ""
|
||||
},
|
||||
"topologySpreadConstraints": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"schedulerName": {
|
||||
"type": "string",
|
||||
"description": "Name of the k8s scheduler (other than default) for APISIX Dashboard pods",
|
||||
"default": ""
|
||||
},
|
||||
"terminationGracePeriodSeconds": {
|
||||
"type": "string",
|
||||
"description": "Seconds Redmine pod needs to terminate gracefully",
|
||||
"default": ""
|
||||
},
|
||||
"extraVolumes": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Optionally specify extra list of additional volumes for the APISIX Dashboard pod(s)",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"sidecars": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Add additional sidecar containers to the APISIX Dashboard pod(s)",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"initContainers": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Add additional init containers to the APISIX Dashboard pod(s)",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"podSecurityContext": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enabled Dashboard pods' Security Context",
|
||||
"default": true
|
||||
},
|
||||
"fsGroup": {
|
||||
"type": "number",
|
||||
"description": "Set Dashboard pod's Security Context fsGroup",
|
||||
"default": 1001
|
||||
},
|
||||
"seccompProfile": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"type": {
|
||||
"type": "string",
|
||||
"description": "Set Dashboard pod's Security Context seccomp profile",
|
||||
"default": "RuntimeDefault"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"containerPorts": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"http": {
|
||||
"type": "number",
|
||||
"description": "Dashboard http container port",
|
||||
"default": 8080
|
||||
},
|
||||
"https": {
|
||||
"type": "number",
|
||||
"description": "Dashboard https container port",
|
||||
"default": 8443
|
||||
}
|
||||
}
|
||||
},
|
||||
"livenessProbe": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable livenessProbe on Dashboard container",
|
||||
"default": true
|
||||
},
|
||||
"initialDelaySeconds": {
|
||||
"type": "number",
|
||||
"description": "Initial delay seconds for livenessProbe",
|
||||
"default": 5
|
||||
},
|
||||
"periodSeconds": {
|
||||
"type": "number",
|
||||
"description": "Period seconds for livenessProbe",
|
||||
"default": 10
|
||||
},
|
||||
"timeoutSeconds": {
|
||||
"type": "number",
|
||||
"description": "Timeout seconds for livenessProbe",
|
||||
"default": 5
|
||||
},
|
||||
"failureThreshold": {
|
||||
"type": "number",
|
||||
"description": "Failure threshold for livenessProbe",
|
||||
"default": 5
|
||||
},
|
||||
"successThreshold": {
|
||||
"type": "number",
|
||||
"description": "Success threshold for livenessProbe",
|
||||
"default": 1
|
||||
}
|
||||
}
|
||||
},
|
||||
"readinessProbe": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable readinessProbe on Dashboard container",
|
||||
"default": true
|
||||
},
|
||||
"initialDelaySeconds": {
|
||||
"type": "number",
|
||||
"description": "Initial delay seconds for readinessProbe",
|
||||
"default": 5
|
||||
},
|
||||
"periodSeconds": {
|
||||
"type": "number",
|
||||
"description": "Period seconds for readinessProbe",
|
||||
"default": 10
|
||||
},
|
||||
"timeoutSeconds": {
|
||||
"type": "number",
|
||||
"description": "Timeout seconds for readinessProbe",
|
||||
"default": 5
|
||||
},
|
||||
"failureThreshold": {
|
||||
"type": "number",
|
||||
"description": "Failure threshold for readinessProbe",
|
||||
"default": 5
|
||||
},
|
||||
"successThreshold": {
|
||||
"type": "number",
|
||||
"description": "Success threshold for readinessProbe",
|
||||
"default": 1
|
||||
}
|
||||
}
|
||||
},
|
||||
"startupProbe": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable startupProbe on Dashboard container",
|
||||
"default": false
|
||||
},
|
||||
"initialDelaySeconds": {
|
||||
"type": "number",
|
||||
"description": "Initial delay seconds for startupProbe",
|
||||
"default": 5
|
||||
},
|
||||
"periodSeconds": {
|
||||
"type": "number",
|
||||
"description": "Period seconds for startupProbe",
|
||||
"default": 10
|
||||
},
|
||||
"timeoutSeconds": {
|
||||
"type": "number",
|
||||
"description": "Timeout seconds for startupProbe",
|
||||
"default": 5
|
||||
},
|
||||
"failureThreshold": {
|
||||
"type": "number",
|
||||
"description": "Failure threshold for startupProbe",
|
||||
"default": 5
|
||||
},
|
||||
"successThreshold": {
|
||||
"type": "number",
|
||||
"description": "Success threshold for startupProbe",
|
||||
"default": 1
|
||||
}
|
||||
}
|
||||
},
|
||||
"customLivenessProbe": {
|
||||
"type": ["object", "string"],
|
||||
"description": "Custom livenessProbe that overrides the default one",
|
||||
"default": {}
|
||||
},
|
||||
"customReadinessProbe": {
|
||||
"type": ["object", "string"],
|
||||
"description": "Custom readinessProbe that overrides the default one",
|
||||
"default": {}
|
||||
},
|
||||
"customStartupProbe": {
|
||||
"type": ["object", "string"],
|
||||
"description": "Custom startupProbe that overrides the default one",
|
||||
"default": {}
|
||||
},
|
||||
"resources": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"limits": {
|
||||
"type": "object",
|
||||
"description": "The resources limits for the Dashboard container",
|
||||
"default": {}
|
||||
},
|
||||
"requests": {
|
||||
"type": "object",
|
||||
"description": "The requested resources for the Dashboard container",
|
||||
"default": {}
|
||||
}
|
||||
}
|
||||
},
|
||||
"containerSecurityContext": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enabled Dashboard container' Security Context",
|
||||
"default": true
|
||||
},
|
||||
"runAsUser": {
|
||||
"type": "number",
|
||||
"description": "Set Dashboard container' Security Context runAsUser",
|
||||
"default": 1001
|
||||
},
|
||||
"runAsNonRoot": {
|
||||
"type": "boolean",
|
||||
"description": "Set Dashboard container' Security Context runAsNonRoot",
|
||||
"default": true
|
||||
},
|
||||
"readOnlyRootFilesystem": {
|
||||
"type": "boolean",
|
||||
"description": "Set Dashboard container' Security Context runAsNonRoot",
|
||||
"default": true
|
||||
},
|
||||
"allowPrivilegeEscalation": {
|
||||
"type": "boolean",
|
||||
"description": "Set Dashboard container's privilege escalation",
|
||||
"default": false
|
||||
},
|
||||
"capabilities": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"drop": {
|
||||
"type": "array",
|
||||
"description": "Set Dashboard container's Security Context runAsNonRoot",
|
||||
"default": [
|
||||
"ALL"
|
||||
],
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"command": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Override default container command (useful when using custom images)",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"args": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Override default container args (useful when using custom images)",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"lifecycleHooks": {
|
||||
"type": ["object", "string"],
|
||||
"description": "for the Dashboard container(s) to automate configuration before or after startup",
|
||||
"default": {}
|
||||
},
|
||||
"extraEnvVars": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Array with extra environment variables to add to Dashboard nodes",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"extraEnvVarsCM": {
|
||||
"type": "string",
|
||||
"description": "Name of existing ConfigMap containing extra env vars for Dashboard nodes",
|
||||
"default": ""
|
||||
},
|
||||
"extraEnvVarsSecret": {
|
||||
"type": "string",
|
||||
"description": "Name of existing Secret containing extra env vars for Dashboard nodes",
|
||||
"default": ""
|
||||
},
|
||||
"extraVolumeMounts": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Optionally specify extra list of additional volumeMounts for the APISIX Dashboard container",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"service": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"type": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard service type",
|
||||
"default": "LoadBalancer"
|
||||
},
|
||||
"ports": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"http": {
|
||||
"type": "number",
|
||||
"description": "APISIX Dashboard service HTTP",
|
||||
"default": 80
|
||||
},
|
||||
"https": {
|
||||
"type": "number",
|
||||
"description": "APISIX Dashboard service HTTPS",
|
||||
"default": 443
|
||||
}
|
||||
}
|
||||
},
|
||||
"nodePorts": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"http": {
|
||||
"type": "string",
|
||||
"description": "Node port for HTTP",
|
||||
"default": ""
|
||||
},
|
||||
"https": {
|
||||
"type": "string",
|
||||
"description": "Node port for HTTPS",
|
||||
"default": ""
|
||||
}
|
||||
}
|
||||
},
|
||||
"clusterIP": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard service Cluster IP",
|
||||
"default": ""
|
||||
},
|
||||
"loadBalancerIP": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard service Load Balancer IP",
|
||||
"default": ""
|
||||
},
|
||||
"loadBalancerSourceRanges": {
|
||||
"type": "array",
|
||||
"description": "APISIX Dashboard service Load Balancer sources",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"externalTrafficPolicy": {
|
||||
"type": "string",
|
||||
"description": "APISIX Dashboard service external traffic policy",
|
||||
"default": "Cluster"
|
||||
},
|
||||
"annotations": {
|
||||
"type": "object",
|
||||
"description": "Additional custom annotations for APISIX Dashboard service",
|
||||
"default": {}
|
||||
},
|
||||
"extraPorts": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Extra ports to expose in APISIX Dashboard service (normally used with the `sidecars` value)",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"sessionAffinity": {
|
||||
"type": "string",
|
||||
"description": "Control where web requests go, to the same pod or round-robin",
|
||||
"default": "None"
|
||||
},
|
||||
"sessionAffinityConfig": {
|
||||
"type": ["object", "string"],
|
||||
"description": "Additional settings for the sessionAffinity",
|
||||
"default": {}
|
||||
}
|
||||
}
|
||||
},
|
||||
"ingress": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable ingress record generation for Apisix",
|
||||
"default": false
|
||||
},
|
||||
"pathType": {
|
||||
"type": "string",
|
||||
"description": "Ingress path type",
|
||||
"default": "ImplementationSpecific"
|
||||
},
|
||||
"apiVersion": {
|
||||
"type": "string",
|
||||
"description": "Force Ingress API version (automatically detected if not set)",
|
||||
"default": ""
|
||||
},
|
||||
"hostname": {
|
||||
"type": "string",
|
||||
"description": "Default host for the ingress record",
|
||||
"default": "apisix-dashboard.local"
|
||||
},
|
||||
"ingressClassName": {
|
||||
"type": "string",
|
||||
"description": "IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)",
|
||||
"default": ""
|
||||
},
|
||||
"path": {
|
||||
"type": "string",
|
||||
"description": "Default path for the ingress record",
|
||||
"default": "/"
|
||||
},
|
||||
"annotations": {
|
||||
"type": "object",
|
||||
"description": "Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.",
|
||||
"default": {}
|
||||
},
|
||||
"tls": {
|
||||
"type": "boolean",
|
||||
"description": "Enable TLS configuration for the host defined at `dashboard.ingress.hostname` parameter",
|
||||
"default": false
|
||||
},
|
||||
"selfSigned": {
|
||||
"type": "boolean",
|
||||
"description": "Create a TLS secret for this ingress record using self-signed certificates generated by Helm",
|
||||
"default": false
|
||||
},
|
||||
"extraHosts": {
|
||||
"type": "array",
|
||||
"description": "An array with additional hostname(s) to be covered with the ingress record",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"extraPaths": {
|
||||
"type": "array",
|
||||
"description": "An array with additional arbitrary paths that may need to be added to the ingress under the main host",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"extraTls": {
|
||||
"type": ["array", "string"],
|
||||
"description": "TLS configuration for additional hostname(s) to be covered with this ingress record",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"secrets": {
|
||||
"type": "array",
|
||||
"description": "Custom TLS certificates as secrets",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"extraRules": {
|
||||
"type": ["array", "string"],
|
||||
"description": "Additional rules to be covered with this ingress record",
|
||||
"default": [],
|
||||
"items": {}
|
||||
}
|
||||
}
|
||||
},
|
||||
"autoscaling": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"vpa": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable VPA",
|
||||
"default": false
|
||||
},
|
||||
"annotations": {
|
||||
"type": "object",
|
||||
"description": "Annotations for VPA resource",
|
||||
"default": {}
|
||||
},
|
||||
"controlledResources": {
|
||||
"type": "array",
|
||||
"description": "VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"maxAllowed": {
|
||||
"type": "object",
|
||||
"description": "VPA Max allowed resources for the pod",
|
||||
"default": {}
|
||||
},
|
||||
"minAllowed": {
|
||||
"type": "object",
|
||||
"description": "VPA Min allowed resources for the pod",
|
||||
"default": {}
|
||||
},
|
||||
"updatePolicy": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"updateMode": {
|
||||
"type": "string",
|
||||
"description": "Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod",
|
||||
"default": "Auto"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"hpa": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable HPA for APISIX Dashboard",
|
||||
"default": false
|
||||
},
|
||||
"minReplicas": {
|
||||
"type": "string",
|
||||
"description": "Minimum number of APISIX Dashboard replicas",
|
||||
"default": ""
|
||||
},
|
||||
"maxReplicas": {
|
||||
"type": "string",
|
||||
"description": "Maximum number of APISIX Dashboard replicas",
|
||||
"default": ""
|
||||
},
|
||||
"targetCPU": {
|
||||
"type": "string",
|
||||
"description": "Target CPU utilization percentage",
|
||||
"default": ""
|
||||
},
|
||||
"targetMemory": {
|
||||
"type": "string",
|
||||
"description": "Target Memory utilization percentage",
|
||||
"default": ""
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"serviceAccount": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"create": {
|
||||
"type": "boolean",
|
||||
"description": "Specifies whether a ServiceAccount should be created",
|
||||
"default": true
|
||||
},
|
||||
"name": {
|
||||
"type": "string",
|
||||
"description": "The name of the ServiceAccount to use.",
|
||||
"default": ""
|
||||
},
|
||||
"annotations": {
|
||||
"type": "object",
|
||||
"description": "Additional Service Account annotations (evaluated as a template)",
|
||||
"default": {}
|
||||
},
|
||||
"automountServiceAccountToken": {
|
||||
"type": "boolean",
|
||||
"description": "Automount service account token for the server service account",
|
||||
"default": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"ingressController": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
@@ -3306,7 +2526,7 @@
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable ingress record generation for Apisix",
|
||||
"description": "Enable ingress record generation for APISIX",
|
||||
"default": false
|
||||
},
|
||||
"pathType": {
|
||||
|
||||
@@ -907,6 +907,9 @@ controlPlane:
|
||||
## @param controlPlane.useDaemonSet Deploy as DaemonSet
|
||||
##
|
||||
useDaemonSet: false
|
||||
## @param controlPlane.dashboardEnabled Enable APISIX Control Plane to expose APISIX Dashboards
|
||||
##
|
||||
dashboardEnabled: true
|
||||
## @param controlPlane.containerPorts.adminAPI APISIX Control Plane Admin API port
|
||||
## @param controlPlane.containerPorts.configServer APISIX Control Plane config port
|
||||
## @param controlPlane.containerPorts.control APISIX Control Plane control port
|
||||
@@ -1124,10 +1127,8 @@ controlPlane:
|
||||
admin_ssl_cert: /bitnami/certs/{{ .Values.controlPlane.tls.certFilename }}
|
||||
admin_ssl_cert_key: /bitnami/certs/{{ .Values.controlPlane.tls.certKeyFilename }}
|
||||
{{- end }}
|
||||
|
||||
allow_admin:
|
||||
- 0.0.0.0/0
|
||||
|
||||
admin_key:
|
||||
- name: admin
|
||||
key: "{{ print "{{APISIX_ADMIN_API_TOKEN}}" }}"
|
||||
@@ -1138,21 +1139,18 @@ controlPlane:
|
||||
admin_listen:
|
||||
port: {{ .Values.controlPlane.containerPorts.adminAPI }}
|
||||
enable_admin_cors: true # Admin API support CORS response headers.
|
||||
enable_admin_ui: {{ ternary "true" "false" .Values.controlPlane.dashboardEnabled }}
|
||||
discovery:
|
||||
kubernetes:
|
||||
service:
|
||||
schema: https #default https
|
||||
|
||||
# apiserver host, options [ipv4, ipv6, domain, environment variable]
|
||||
host: ${KUBERNETES_SERVICE_HOST}
|
||||
|
||||
# apiserver port, options [port number, environment variable]
|
||||
port: ${KUBERNETES_SERVICE_PORT}
|
||||
|
||||
client:
|
||||
# serviceaccount token or token_file
|
||||
token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
|
||||
default_weight: 50 # weight assigned to each discovered endpoint. default 50, minimum 0
|
||||
## @param controlPlane.extraConfig [object] extra configuration parameters to add to the config.yaml file in APISIX Control plane
|
||||
##
|
||||
@@ -1682,755 +1680,7 @@ controlPlane:
|
||||
## prometheus: my-prometheus
|
||||
##
|
||||
selector: {}
|
||||
## @section APISIX Dashboard Parameters
|
||||
##
|
||||
dashboard:
|
||||
## @param dashboard.enabled Enable APISIX Dashboard
|
||||
##
|
||||
enabled: true
|
||||
## @param dashboard.replicaCount Number of APISIX Dashboard replicas to deploy
|
||||
##
|
||||
replicaCount: 1
|
||||
## Bitnami APISIX Dashboard image
|
||||
## ref: https://hub.docker.com/r/bitnami/apisix-dashboard/tags/
|
||||
## @param dashboard.image.registry [default: REGISTRY_NAME] APISIX Dashboard image registry
|
||||
## @param dashboard.image.repository [default: REPOSITORY_NAME/apisix-dashboard] APISIX Dashboard image repository
|
||||
## @skip dashboard.image.tag APISIX Dashboard image tag (immutable tags are recommended)
|
||||
## @param dashboard.image.digest APISIX Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
|
||||
## @param dashboard.image.pullPolicy APISIX Dashboard image pull policy
|
||||
## @param dashboard.image.pullSecrets APISIX Dashboard image pull secrets
|
||||
## @param dashboard.image.debug Enable APISIX Dashboard image debug mode
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/apisix-dashboard
|
||||
tag: 3.0.1-debian-12-r80
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## e.g:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## Enable debug mode
|
||||
##
|
||||
debug: false
|
||||
## @param dashboard.username APISIX Dashboard username
|
||||
##
|
||||
username: user
|
||||
## @param dashboard.password APISIX Dashboard password
|
||||
##
|
||||
password: ""
|
||||
## @param dashboard.existingSecret Name of a existing secret containing the password for APISIX Dashboard
|
||||
##
|
||||
existingSecret: ""
|
||||
## @param dashboard.existingSecretPasswordKey Key inside the secret containing the password for APISIX Dashboard
|
||||
##
|
||||
existingSecretPasswordKey: ""
|
||||
## @param dashboard.defaultConfig [string] APISIX Dashboard configuration (evaluated as a template)
|
||||
##
|
||||
defaultConfig: |
|
||||
conf:
|
||||
listen:
|
||||
host: 0.0.0.0
|
||||
port: {{ .Values.dashboard.containerPorts.http }}
|
||||
{{- if .Values.dashboard.tls.enabled }}
|
||||
ssl:
|
||||
host: 0.0.0.0
|
||||
port: {{ .Values.dashboard.containerPorts.https }}
|
||||
cert: /bitnami/certs/{{ .Values.dashboard.tls.certFilename }}
|
||||
key: /bitnami/certs/{{ .Values.dashboard.tls.certKeyFilename }}
|
||||
{{- end }}
|
||||
etcd:
|
||||
prefix: "/apisix"
|
||||
endpoints:
|
||||
{{- if .Values.etcd.enabled }}
|
||||
{{- $replicas := $.Values.etcd.replicaCount | int }}
|
||||
{{- range $i, $_e := until $replicas }}
|
||||
- {{ printf "%s://%s-%d.%s:%v" (ternary "https" "http" $.Values.etcd.auth.client.secureTransport) (include "apisix.etcd.fullname" $ ) $i (include "apisix.etcd.headlessServiceName" $) ( include "apisix.etcd.port" $ ) }} {{- end }}
|
||||
{{- else }}
|
||||
{{- range $node :=.Values.externalEtcd.servers }}
|
||||
- {{ printf "%s:%v" $node (include "apisix.etcd.port" $) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if (include "apisix.etcd.authEnabled" .) }}
|
||||
username: "{{ print "{{ APISIX_ETCD_USER }}" }}"
|
||||
password: "{{ print "{{ APISIX_ETCD_PASSWORD }}" }}"
|
||||
{{- end }}
|
||||
log:
|
||||
error_log:
|
||||
level: warn
|
||||
file_path: /dev/stderr
|
||||
access_log:
|
||||
file_path: /dev/stdout
|
||||
authentication:
|
||||
secret: secret
|
||||
expire_time: 3600
|
||||
users:
|
||||
- username: "{{ print "{{ APISIX_DASHBOARD_USER }}" }}"
|
||||
password: "{{ print "{{ APISIX_DASHBOARD_PASSWORD }}" }}"
|
||||
plugins:
|
||||
- api-breaker
|
||||
- authz-casbin
|
||||
- authz-casdoor
|
||||
- authz-keycloak
|
||||
- aws-lambda
|
||||
- azure-functions
|
||||
- basic-auth
|
||||
# - batch-requests
|
||||
- clickhouse-logger
|
||||
- client-control
|
||||
- consumer-restriction
|
||||
- cors
|
||||
- csrf
|
||||
- datadog
|
||||
# - dubbo-proxy
|
||||
- echo
|
||||
- error-log-logger
|
||||
# - example-plugin
|
||||
- ext-plugin-post-req
|
||||
- ext-plugin-post-resp
|
||||
- ext-plugin-pre-req
|
||||
- fault-injection
|
||||
- file-logger
|
||||
- forward-auth
|
||||
- google-cloud-logging
|
||||
- grpc-transcode
|
||||
- grpc-web
|
||||
- gzip
|
||||
- hmac-auth
|
||||
- http-logger
|
||||
- ip-restriction
|
||||
- jwt-auth
|
||||
- kafka-logger
|
||||
- kafka-proxy
|
||||
- key-auth
|
||||
- ldap-auth
|
||||
- limit-conn
|
||||
- limit-count
|
||||
- limit-req
|
||||
- loggly
|
||||
# - log-rotate
|
||||
- mocking
|
||||
# - node-status
|
||||
- opa
|
||||
- openid-connect
|
||||
- opentelemetry
|
||||
- openwhisk
|
||||
- prometheus
|
||||
- proxy-cache
|
||||
- proxy-control
|
||||
- proxy-mirror
|
||||
- proxy-rewrite
|
||||
- public-api
|
||||
- real-ip
|
||||
- redirect
|
||||
- referer-restriction
|
||||
- request-id
|
||||
- request-validation
|
||||
- response-rewrite
|
||||
- rocketmq-logger
|
||||
- server-info
|
||||
- serverless-post-function
|
||||
- serverless-pre-function
|
||||
- skywalking
|
||||
- skywalking-logger
|
||||
- sls-logger
|
||||
- splunk-hec-logging
|
||||
- syslog
|
||||
- tcp-logger
|
||||
- traffic-split
|
||||
- ua-restriction
|
||||
- udp-logger
|
||||
- uri-blocker
|
||||
- wolf-rbac
|
||||
- zipkin
|
||||
- elasticsearch-logge
|
||||
- openfunction
|
||||
- tencent-cloud-cls
|
||||
- ai
|
||||
- cas-auth
|
||||
- multi-auth
|
||||
|
||||
## @param dashboard.extraConfig extra configuration settings for APISIX Dashboard
|
||||
##
|
||||
extraConfig: {}
|
||||
## @param dashboard.existingConfigMap name of a ConfigMap with existing configuration for APISIX Dashboard
|
||||
##
|
||||
existingConfigMap: ""
|
||||
## @param dashboard.extraConfigExistingConfigMap name of a ConfigMap with existing configuration for APISIX Dashboard
|
||||
##
|
||||
extraConfigExistingConfigMap: ""
|
||||
tls:
|
||||
## @param dashboard.tls.enabled Enable TLS transport in APISIX Dashboard
|
||||
##
|
||||
enabled: true
|
||||
## @param dashboard.tls.autoGenerated Auto-generate self-signed certificates
|
||||
##
|
||||
autoGenerated: true
|
||||
## @param dashboard.tls.existingSecret Name of a secret containing the certificates
|
||||
##
|
||||
existingSecret: ""
|
||||
## @param dashboard.tls.certFilename Path of the certificate file when mounted as a secret
|
||||
##
|
||||
certFilename: tls.crt
|
||||
## @param dashboard.tls.certKeyFilename Path of the certificate key file when mounted as a secret
|
||||
##
|
||||
certKeyFilename: tls.key
|
||||
## @param dashboard.tls.certCAFilename Path of the certificate CA file when mounted as a secret
|
||||
##
|
||||
certCAFilename: ca.crt
|
||||
## @param dashboard.tls.cert Content of the certificate to be added to the secret
|
||||
##
|
||||
cert: ""
|
||||
## @param dashboard.tls.key Content of the certificate key to be added to the secret
|
||||
##
|
||||
key: ""
|
||||
## @param dashboard.tls.ca Content of the certificate CA to be added to the secret
|
||||
##
|
||||
ca: ""
|
||||
## @param dashboard.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param dashboard.hostAliases APISIX Dashboard pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
hostAliases: []
|
||||
## @param dashboard.podLabels Extra labels for APISIX Dashboard pods
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
||||
##
|
||||
podLabels: {}
|
||||
## @param dashboard.podAnnotations Annotations for APISIX Dashboard pods
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
## @param dashboard.podAffinityPreset Pod affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard`
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||||
##
|
||||
podAffinityPreset: ""
|
||||
## @param dashboard.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard`
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||||
##
|
||||
podAntiAffinityPreset: soft
|
||||
## Node dashboard.affinity preset
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
||||
##
|
||||
nodeAffinityPreset:
|
||||
## @param dashboard.nodeAffinityPreset.type Node affinity preset type. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard`
|
||||
##
|
||||
type: ""
|
||||
## @param dashboard.nodeAffinityPreset.key Node label key to match. Ignored if `dashboard.affinity` is set
|
||||
##
|
||||
key: ""
|
||||
## @param dashboard.nodeAffinityPreset.values Node label values to match. Ignored if `dashboard.affinity` is set
|
||||
## E.g.
|
||||
## values:
|
||||
## - e2e-az1
|
||||
## - e2e-az2
|
||||
##
|
||||
values: []
|
||||
## @param dashboard.affinity Affinity for APISIX Dashboard pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
## NOTE: `dashboard.podAffinityPreset`, `dashboard.podAntiAffinityPreset`, and `dashboard.nodeAffinityPreset` will be ignored when it's set
|
||||
##
|
||||
affinity: {}
|
||||
## @param dashboard.nodeSelector Node labels for APISIX Dashboard pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## @param dashboard.tolerations Tolerations for APISIX Dashboard pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
## @param dashboard.updateStrategy.type APISIX Dashboard statefulset strategy type
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
||||
##
|
||||
updateStrategy:
|
||||
## StrategyType
|
||||
## Can be set to RollingUpdate or OnDelete
|
||||
##
|
||||
type: RollingUpdate
|
||||
## Pod Disruption Budget configuration
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
||||
## @param dashboard.pdb.create Enable/disable a Pod Disruption Budget creation
|
||||
## @param dashboard.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
||||
## @param dashboard.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
||||
##
|
||||
pdb:
|
||||
create: true
|
||||
minAvailable: ""
|
||||
maxUnavailable: ""
|
||||
## @param dashboard.priorityClassName APISIX Dashboard pods' priorityClassName
|
||||
##
|
||||
priorityClassName: ""
|
||||
## @param dashboard.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
||||
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
||||
##
|
||||
topologySpreadConstraints: []
|
||||
## @param dashboard.schedulerName Name of the k8s scheduler (other than default) for APISIX Dashboard pods
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
schedulerName: ""
|
||||
## @param dashboard.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
|
||||
##
|
||||
terminationGracePeriodSeconds: ""
|
||||
## @param dashboard.extraVolumes Optionally specify extra list of additional volumes for the APISIX Dashboard pod(s)
|
||||
##
|
||||
extraVolumes: []
|
||||
## @param dashboard.sidecars Add additional sidecar containers to the APISIX Dashboard pod(s)
|
||||
## e.g:
|
||||
## sidecars:
|
||||
## - name: your-image-name
|
||||
## image: your-image
|
||||
## imagePullPolicy: Always
|
||||
## ports:
|
||||
## - name: portname
|
||||
## containerPort: 1234
|
||||
##
|
||||
sidecars: []
|
||||
## @param dashboard.initContainers Add additional init containers to the APISIX Dashboard pod(s)
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
||||
## e.g:
|
||||
## initContainers:
|
||||
## - name: your-image-name
|
||||
## image: your-image
|
||||
## imagePullPolicy: Always
|
||||
## command: ['sh', '-c', 'echo "hello world"']
|
||||
##
|
||||
initContainers: []
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context
|
||||
## @param dashboard.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
||||
## @param dashboard.podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
||||
## @param dashboard.podSecurityContext.supplementalGroups Set filesystem extra groups
|
||||
## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
fsGroup: 1001
|
||||
## @param dashboard.containerPorts.http APISIX Dashboard http container port
|
||||
## @param dashboard.containerPorts.https APISIX Dashboard https container port
|
||||
##
|
||||
containerPorts:
|
||||
http: 8080
|
||||
https: 8443
|
||||
## Configure extra options for APISIX Dashboard containers' liveness and readiness probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
||||
## @param dashboard.livenessProbe.enabled Enable livenessProbe on APISIX Dashboard container
|
||||
## @param dashboard.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
||||
## @param dashboard.livenessProbe.periodSeconds Period seconds for livenessProbe
|
||||
## @param dashboard.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
||||
## @param dashboard.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
||||
## @param dashboard.livenessProbe.successThreshold Success threshold for livenessProbe
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
## @param dashboard.readinessProbe.enabled Enable readinessProbe on APISIX Dashboard container
|
||||
## @param dashboard.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
||||
## @param dashboard.readinessProbe.periodSeconds Period seconds for readinessProbe
|
||||
## @param dashboard.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
||||
## @param dashboard.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
||||
## @param dashboard.readinessProbe.successThreshold Success threshold for readinessProbe
|
||||
##
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
## @param dashboard.startupProbe.enabled Enable startupProbe on APISIX Dashboard container
|
||||
## @param dashboard.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
||||
## @param dashboard.startupProbe.periodSeconds Period seconds for startupProbe
|
||||
## @param dashboard.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
||||
## @param dashboard.startupProbe.failureThreshold Failure threshold for startupProbe
|
||||
## @param dashboard.startupProbe.successThreshold Success threshold for startupProbe
|
||||
##
|
||||
startupProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
## @param dashboard.customLivenessProbe Custom livenessProbe that overrides the default one
|
||||
##
|
||||
customLivenessProbe: {}
|
||||
## @param dashboard.customReadinessProbe Custom readinessProbe that overrides the default one
|
||||
##
|
||||
customReadinessProbe: {}
|
||||
## @param dashboard.customStartupProbe Custom startupProbe that overrides the default one
|
||||
##
|
||||
customStartupProbe: {}
|
||||
## Dashboard resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "nano"
|
||||
## @param dashboard.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param dashboard.containerSecurityContext.enabled Enabled APISIX Dashboard containers' Security Context
|
||||
## @param dashboard.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param dashboard.containerSecurityContext.runAsUser Set APISIX Dashboard containers' Security Context runAsUser
|
||||
## @param dashboard.containerSecurityContext.runAsGroup Set APISIX Dashboard containers' Security Context runAsGroup
|
||||
## @param dashboard.containerSecurityContext.runAsNonRoot Set APISIX Dashboard containers' Security Context runAsNonRoot
|
||||
## @param dashboard.containerSecurityContext.privileged Set APISIX Dashboard containers' Security Context privileged
|
||||
## @param dashboard.containerSecurityContext.readOnlyRootFilesystem Set APISIX Dashboard containers' Security Context readOnlyRootFilesystem
|
||||
## @param dashboard.containerSecurityContext.allowPrivilegeEscalation Set APISIX Dashboard containers' privilege escalation
|
||||
## @param dashboard.containerSecurityContext.capabilities.drop Set APISIX Dashboard containers' Security Context capabilities drop
|
||||
## @param dashboard.containerSecurityContext.seccompProfile.type Set APISIX Dashboard containers' Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
## @param dashboard.command Override default container command (useful when using custom images)
|
||||
##
|
||||
command: []
|
||||
## @param dashboard.args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param dashboard.lifecycleHooks for the APISIX Dashboard container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
## @param dashboard.extraEnvVars Array with extra environment variables to add to APISIX Dashboard nodes
|
||||
## e.g:
|
||||
## extraEnvVars:
|
||||
## - name: FOO
|
||||
## value: "bar"
|
||||
##
|
||||
extraEnvVars: []
|
||||
## @param dashboard.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for APISIX Dashboard nodes
|
||||
##
|
||||
extraEnvVarsCM: ""
|
||||
## @param dashboard.extraEnvVarsSecret Name of existing Secret containing extra env vars for APISIX Dashboard nodes
|
||||
##
|
||||
extraEnvVarsSecret: ""
|
||||
## @param dashboard.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the APISIX Dashboard container
|
||||
##
|
||||
extraVolumeMounts: []
|
||||
## @section APISIX Dashboard Traffic Exposure Parameters
|
||||
##
|
||||
service:
|
||||
## @param dashboard.service.type APISIX Dashboard service type
|
||||
##
|
||||
type: LoadBalancer
|
||||
## @param dashboard.service.ports.http APISIX Dashboard service HTTP
|
||||
## @param dashboard.service.ports.https APISIX Dashboard service HTTPS
|
||||
##
|
||||
ports:
|
||||
http: 80
|
||||
https: 443
|
||||
## Node ports to expose
|
||||
## @param dashboard.service.nodePorts.http Node port for HTTP
|
||||
## @param dashboard.service.nodePorts.https Node port for HTTPS
|
||||
## NOTE: choose port between <30000-32767>
|
||||
##
|
||||
nodePorts:
|
||||
http: ""
|
||||
https: ""
|
||||
## @param dashboard.service.clusterIP APISIX Dashboard service Cluster IP
|
||||
## e.g.:
|
||||
## clusterIP: None
|
||||
##
|
||||
clusterIP: ""
|
||||
## @param dashboard.service.loadBalancerIP APISIX Dashboard service Load Balancer IP
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
||||
##
|
||||
loadBalancerIP: ""
|
||||
## @param dashboard.service.loadBalancerSourceRanges APISIX Dashboard service Load Balancer sources
|
||||
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||||
## e.g:
|
||||
## loadBalancerSourceRanges:
|
||||
## - 10.10.10.0/24
|
||||
##
|
||||
loadBalancerSourceRanges: []
|
||||
## @param dashboard.service.externalIPs APISIX Dashboard service External IPs
|
||||
## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
|
||||
## e.g.
|
||||
## externalIPs:
|
||||
## - 10.10.10.1
|
||||
## - 201.22.30.1
|
||||
##
|
||||
externalIPs: []
|
||||
## @param dashboard.service.externalTrafficPolicy APISIX Dashboard service external traffic policy
|
||||
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-web-source-ip
|
||||
##
|
||||
externalTrafficPolicy: Cluster
|
||||
## @param dashboard.service.annotations Additional custom annotations for APISIX Dashboard service
|
||||
##
|
||||
annotations: {}
|
||||
## @param dashboard.service.extraPorts Extra ports to expose in APISIX Dashboard service (normally used with the `sidecars` value)
|
||||
##
|
||||
extraPorts: []
|
||||
## @param dashboard.service.sessionAffinity Control where web requests go, to the same pod or round-robin
|
||||
## Values: WebIP or None
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
||||
##
|
||||
sessionAffinity: None
|
||||
## @param dashboard.service.sessionAffinityConfig Additional settings for the sessionAffinity
|
||||
## sessionAffinityConfig:
|
||||
## webIP:
|
||||
## timeoutSeconds: 300
|
||||
##
|
||||
sessionAffinityConfig: {}
|
||||
## Network Policies
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
||||
##
|
||||
networkPolicy:
|
||||
## @param dashboard.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
||||
##
|
||||
enabled: true
|
||||
## @param dashboard.networkPolicy.allowExternal Don't require server label for connections
|
||||
## The Policy model to apply. When set to false, only pods with the correct
|
||||
## server label will have network access to the ports server is listening
|
||||
## on. When true, server will accept connections from any source
|
||||
## (with the correct destination port).
|
||||
##
|
||||
allowExternal: true
|
||||
## @param dashboard.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||
##
|
||||
allowExternalEgress: true
|
||||
## @param dashboard.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||
## e.g:
|
||||
## extraIngress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## from:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
extraIngress: []
|
||||
## @param dashboard.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
|
||||
## e.g:
|
||||
## extraEgress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## to:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
##
|
||||
extraEgress: []
|
||||
## @param dashboard.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
||||
## @param dashboard.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
||||
##
|
||||
ingressNSMatchLabels: {}
|
||||
ingressNSPodMatchLabels: {}
|
||||
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
|
||||
##
|
||||
ingress:
|
||||
## @param dashboard.ingress.enabled Enable ingress record generation for APISIX Dashboard
|
||||
##
|
||||
enabled: false
|
||||
## @param dashboard.ingress.pathType Ingress path type
|
||||
##
|
||||
pathType: ImplementationSpecific
|
||||
## @param dashboard.ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
||||
##
|
||||
apiVersion: ""
|
||||
## @param dashboard.ingress.hostname Default host for the ingress record
|
||||
##
|
||||
hostname: apisix-dashboard.local
|
||||
## @param dashboard.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
||||
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
||||
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
||||
##
|
||||
ingressClassName: ""
|
||||
## @param dashboard.ingress.path Default path for the ingress record
|
||||
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
|
||||
##
|
||||
path: /
|
||||
## @param dashboard.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||||
## Use this parameter to set the required annotations for cert-manager, see
|
||||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||||
## e.g:
|
||||
## annotations:
|
||||
## kubernetes.io/ingress.class: nginx
|
||||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||||
##
|
||||
annotations: {}
|
||||
## @param dashboard.ingress.tls Enable TLS configuration for the host defined at `dashboard.ingress.hostname` parameter
|
||||
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
|
||||
## You can:
|
||||
## - Use the `dashboard.ingress.secrets` parameter to create this TLS secret
|
||||
## - Rely on cert-manager to create it by setting the corresponding annotations
|
||||
## - Rely on Helm to create self-signed certificates by setting `dashboard.ingress.selfSigned=true`
|
||||
##
|
||||
tls: false
|
||||
## @param dashboard.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
||||
##
|
||||
selfSigned: false
|
||||
## @param dashboard.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
|
||||
## e.g:
|
||||
## extraHosts:
|
||||
## - name: apisix.local
|
||||
## path: /
|
||||
##
|
||||
extraHosts: []
|
||||
## @param dashboard.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
|
||||
## e.g:
|
||||
## extraPaths:
|
||||
## - path: /*
|
||||
## backend:
|
||||
## serviceName: ssl-redirect
|
||||
## servicePort: use-annotation
|
||||
##
|
||||
extraPaths: []
|
||||
## @param dashboard.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
||||
## e.g:
|
||||
## extraTls:
|
||||
## - hosts:
|
||||
## - apisix.local
|
||||
## secretName: apisix.local-tls
|
||||
##
|
||||
extraTls: []
|
||||
## @param dashboard.ingress.secrets Custom TLS certificates as secrets
|
||||
## NOTE: 'key' and 'certificate' are expected in PEM format
|
||||
## NOTE: 'name' should line up with a 'secretName' set further up
|
||||
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
|
||||
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
|
||||
## It is also possible to create and manage the certificates outside of this helm chart
|
||||
## Please see README.md for more information
|
||||
## e.g:
|
||||
## secrets:
|
||||
## - name: apisix.local-tls
|
||||
## key: |-
|
||||
## -----BEGIN RSA PRIVATE KEY-----
|
||||
## ...
|
||||
## -----END RSA PRIVATE KEY-----
|
||||
## certificate: |-
|
||||
## -----BEGIN CERTIFICATE-----
|
||||
## ...
|
||||
## -----END CERTIFICATE-----
|
||||
##
|
||||
secrets: []
|
||||
## @param dashboard.ingress.extraRules Additional rules to be covered with this ingress record
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
||||
## e.g:
|
||||
## extraRules:
|
||||
## - host: example.local
|
||||
## http:
|
||||
## path: /
|
||||
## backend:
|
||||
## service:
|
||||
## name: example-svc
|
||||
## port:
|
||||
## name: http
|
||||
##
|
||||
extraRules: []
|
||||
## @section APISIX Dashboard Autoscaling configuration
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
||||
##
|
||||
autoscaling:
|
||||
vpa:
|
||||
## @param dashboard.autoscaling.vpa.enabled Enable VPA
|
||||
##
|
||||
enabled: false
|
||||
## @param dashboard.autoscaling.vpa.annotations Annotations for VPA resource
|
||||
##
|
||||
annotations: {}
|
||||
## @param dashboard.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
|
||||
##
|
||||
controlledResources: []
|
||||
## @param dashboard.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
|
||||
## cpu: 200m
|
||||
## memory: 100Mi
|
||||
maxAllowed: {}
|
||||
## @param dashboard.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
|
||||
## cpu: 200m
|
||||
## memory: 100Mi
|
||||
minAllowed: {}
|
||||
updatePolicy:
|
||||
## @param dashboard.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
|
||||
## Possible values are "Off", "Initial", "Recreate", and "Auto".
|
||||
##
|
||||
updateMode: Auto
|
||||
hpa:
|
||||
## @param dashboard.autoscaling.hpa.enabled Enable HPA for APISIX Dashboard
|
||||
##
|
||||
enabled: false
|
||||
## @param dashboard.autoscaling.hpa.minReplicas Minimum number of APISIX Dashboard replicas
|
||||
##
|
||||
minReplicas: ""
|
||||
## @param dashboard.autoscaling.hpa.maxReplicas Maximum number of APISIX Dashboard replicas
|
||||
##
|
||||
maxReplicas: ""
|
||||
## @param dashboard.autoscaling.hpa.targetCPU Target CPU utilization percentage
|
||||
##
|
||||
targetCPU: ""
|
||||
## @param dashboard.autoscaling.hpa.targetMemory Target Memory utilization percentage
|
||||
##
|
||||
targetMemory: ""
|
||||
## @section APISIX Dashboard RBAC Parameters
|
||||
##
|
||||
|
||||
## ServiceAccount configuration
|
||||
##
|
||||
serviceAccount:
|
||||
## @param dashboard.serviceAccount.create Specifies whether a ServiceAccount should be created
|
||||
##
|
||||
create: true
|
||||
## @param dashboard.serviceAccount.name The name of the ServiceAccount to use.
|
||||
## If not set and create is true, a name is generated using the common.names.fullname template
|
||||
##
|
||||
name: ""
|
||||
## @param dashboard.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
|
||||
##
|
||||
annotations: {}
|
||||
## @param dashboard.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @section APISIX Ingress Controller Parameters
|
||||
##
|
||||
ingressController:
|
||||
|
||||
Reference in New Issue
Block a user