charts/apisix-ingress-controller/templates/apisix-configmap.yaml (144 lines of code) (raw):
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
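{{ if .Values.config.etcdserver.enabled }}
# ConfigMap carrying the APISIX gateway's config.yaml. It is rendered only when
# .Values.config.etcdserver.enabled is set; the embedded config points APISIX
# at an etcd endpoint on 127.0.0.1:12379.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-gw-configmap
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "apisix-ingress-controller.labels" . | nindent 4 }}
data:
  # Literal (|) rather than folded (>) block scalar: the value is a whole
  # config file, so every line break must survive. A folded scalar keeps them
  # only while no two lines at the base indentation follow each other.
  config.yaml: |
    deployment:
      admin:
        # NOTE(security): 0.0.0.0/0 admits every IPv4 source, which makes the
        # 127.0.0.0/24 entry redundant. Together with admin_listen on 0.0.0.0,
        # the Admin API is reachable by anything that can route to port 9180
        # of this pod. No admin_key is set in this file, so whichever key
        # APISIX falls back to applies -- TODO confirm it is not a shipped
        # default. Narrow this list or fence the port with a NetworkPolicy.
        allow_admin:
          - 127.0.0.0/24
          - 0.0.0.0/0
        admin_listen:
          ip: 0.0.0.0
          port: 9180
      etcd:
        # Plain HTTP, but the endpoint is loopback-only.
        host:
          - "http://127.0.0.1:12379"
        prefix: "/apisix"
        timeout: 60
    apisix:
      enable_control: true
      enable_reuseport: true
      stream_proxy:
        only: false
        tcp:
          - 9100
          - addr: 9110
            tls: true
        udp:
          - 9200
      ssl:
        enable: {{ .Values.gateway.tls.enabled }}
        listen:
          - port: {{ .Values.gateway.tls.containerPort }}
            enable_http2: {{ .Values.gateway.tls.http2.enabled }}
          {{- with .Values.gateway.tls.additionalContainerPorts }}
          {{- toYaml . | nindent 10}}
          {{- end }}
        ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
        # 3DES (DES-CBC3-SHA) is intentionally absent: it is a 64-bit block
        # cipher (Sweet32). The CBC/SHA-1 and static-RSA suites that remain are
        # legacy-compatibility entries; trim them if every client can negotiate
        # an ECDHE AEAD suite.
        ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
        {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
        ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
        {{- end }}
        {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.fallbackSNI }}
        fallback_sni: {{ .Values.gateway.tls.fallbackSNI | quote }}
        {{- end }}
    nginx_config:
      error_log: "{{ .Values.gateway.nginx.errorLog }}"
      error_log_level: "{{ .Values.gateway.nginx.errorLogLevel }}" # warn,error
      worker_processes: "{{ .Values.gateway.nginx.workerProcesses }}"
      worker_rlimit_nofile: {{ .Values.gateway.nginx.workerRlimitNofile }} # the number of files a worker process can open, should be larger than worker_connections
      event:
        worker_connections: {{ .Values.gateway.nginx.workerConnections }}
    plugins: # plugin list (sorted by priority)
      # NOTE(security): this list loads plugins that run operator-supplied code
      # (serverless-pre-function, serverless-post-function, ext-plugin-*) and
      # demo/testing ones (example-plugin, echo, mocking, fault-injection).
      # A loaded plugin only acts once a route references it, so the exposure
      # depends on who can write routes: keep that write path restricted and
      # comment out entries the deployment does not use.
      - real-ip # priority: 23000
      - ai # priority: 22900
      - client-control # priority: 22000
      - proxy-control # priority: 21990
      - request-id # priority: 12015
      - zipkin # priority: 12011
      #- skywalking # priority: 12010
      #- opentelemetry # priority: 12009
      - ext-plugin-pre-req # priority: 12000
      - fault-injection # priority: 11000
      - mocking # priority: 10900
      - serverless-pre-function # priority: 10000
      #- batch-requests # priority: 4010
      - cors # priority: 4000
      - ip-restriction # priority: 3000
      - ua-restriction # priority: 2999
      - referer-restriction # priority: 2990
      - csrf # priority: 2980
      - uri-blocker # priority: 2900
      - request-validation # priority: 2800
      - openid-connect # priority: 2599
      - cas-auth # priority: 2597
      - authz-casbin # priority: 2560
      - authz-casdoor # priority: 2559
      - wolf-rbac # priority: 2555
      - ldap-auth # priority: 2540
      - hmac-auth # priority: 2530
      - basic-auth # priority: 2520
      - jwt-auth # priority: 2510
      - key-auth # priority: 2500
      - consumer-restriction # priority: 2400
      - forward-auth # priority: 2002
      - opa # priority: 2001
      - authz-keycloak # priority: 2000
      #- error-log-logger # priority: 1091
      - proxy-mirror # priority: 1010
      - proxy-cache # priority: 1009
      - proxy-rewrite # priority: 1008
      - workflow # priority: 1006
      - api-breaker # priority: 1005
      - limit-conn # priority: 1003
      - limit-count # priority: 1002
      - limit-req # priority: 1001
      #- node-status # priority: 1000
      - gzip # priority: 995
      - traffic-split # priority: 966
      - redirect # priority: 900
      - response-rewrite # priority: 899
      - kafka-proxy # priority: 508
      #- dubbo-proxy # priority: 507
      - grpc-transcode # priority: 506
      - grpc-web # priority: 505
      - public-api # priority: 501
      - prometheus # priority: 500
      - datadog # priority: 495
      - loki-logger # priority: 414
      - elasticsearch-logger # priority: 413
      - echo # priority: 412
      - loggly # priority: 411
      - http-logger # priority: 410
      - splunk-hec-logging # priority: 409
      - skywalking-logger # priority: 408
      - google-cloud-logging # priority: 407
      - sls-logger # priority: 406
      - tcp-logger # priority: 405
      - kafka-logger # priority: 403
      - rocketmq-logger # priority: 402
      - syslog # priority: 401
      - udp-logger # priority: 400
      - file-logger # priority: 399
      - clickhouse-logger # priority: 398
      - tencent-cloud-cls # priority: 397
      - inspect # priority: 200
      #- log-rotate # priority: 100
      # <- recommend to use priority (0, 100) for your custom plugins
      - example-plugin # priority: 0
      #- gm # priority: -43
      - aws-lambda # priority: -1899
      - azure-functions # priority: -1900
      - openwhisk # priority: -1901
      - openfunction # priority: -1902
      - serverless-post-function # priority: -2000
      - ext-plugin-post-req # priority: -3000
      - ext-plugin-post-resp # priority: -4000
    plugin_attr:
      prometheus:
        enable_export_server: {{ .Values.serviceMonitor.enabled }}
        {{- if .Values.serviceMonitor.enabled }}
        # The metrics endpoint binds to every interface on 9091. Nothing in
        # this block puts authentication in front of it, so limit which pods
        # may reach the port (for example with a NetworkPolicy).
        export_addr:
          ip: 0.0.0.0
          port: 9091
        export_uri: /apisix/prometheus/metrics
        metric_prefix: apisix_
        {{- end }}
{{ end }}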