# # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # -- Default values for apisix-ingress-controller. # This is a YAML-formatted file. # Declare variables to be passed into your templates. # nameOverride: "" fullnameOverride: "" # -- Override default labels assigned to Apache APISIX ingress controller resource labelsOverride: {} # labelsOverride: # app.kubernetes.io/name: "{{ .Release.Name }}" # app.kubernetes.io/instance: '{{ include "apisix-ingress-controller.name" . }}' # -- Add annotations to Apache APISIX ingress controller resource annotations: {} rbac: # -- Specifies whether RBAC resources should be created create: true serviceAccount: # -- Specifies whether a ServiceAccount should be created create: true # -- The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Whether automounting API credentials for a service account automountServiceAccountToken: true replicaCount: 1 image: repository: apache/apisix-ingress-controller pullPolicy: IfNotPresent tag: "1.8.0" podAnnotations: {} priorityClassName: "" imagePullSecrets: [] clusterDomain: cluster.local service: port: 80 config: etcdserver: # -- Enable etcd server or not, default is false. enabled: false image: # -- Apache APISIX image repository repository: apache/apisix # -- Apache APISIX image pull policy pullPolicy: IfNotPresent # -- Apache APISIX image tag # Overrides the image tag whose default is the chart appVersion. tag: 3.5.0-debian # -- the error log level, default is info, optional values are: debug, info, warn, error, panic, fatal logLevel: "info" # -- the output file path of error log, default is stderr, when # the file path is "stderr" or "stdout", logs are marshalled # plainly, which is more readable for human; otherwise logs # are marshalled in JSON format, which can be parsed by # programs easily. logOutput: "stderr" # -- the TLS certificate file path. certFile: "/etc/webhook/certs/cert.pem" # -- the TLS key file path. keyFile: "/etc/webhook/certs/key.pem" # -- the HTTP Server listen address, default is ":8080" httpListen: ":8080" # -- the HTTPS Server listen address, default is ":8443" httpsListen: ":8443" # -- the controller will use the Endpoint of this Service to # update the status information of the Ingress resource. # The format is "namespace/svc-name" to solve the situation that # the data plane and the controller are not deployed in the same namespace. ingressPublishService: "" ingressStatusAddress: [] # -- enable profiling via web interfaces host:port/debug/pprof, default is true. enableProfiling: true # -- Default interval for synchronizing Kubernetes resources to APISIX apisixResourceSyncInterval: "1h" # -- Pluginmetadata in APISIX can be controlled through ConfigMap. default is "" pluginMetadataCM: "" # -- Kubernetes related configurations. kubernetes: # -- the Kubernetes configuration file path, default is "", so the in-cluster # configuration will be used. kubeconfig: "" # -- how long should apisix-ingress-controller re-synchronizes with Kubernetes, # default is 6h, resyncInterval: "6h" # -- namespace_selector represent basis for selecting managed namespaces. # the field is support since version 1.4.0 # For example, "apisix.ingress=watching", so ingress will watching the namespaces which labels "apisix.ingress=watching" namespaceSelector: [""] # -- the election id for the controller leader campaign, # only the leader will watch and delivery resource changes, # other instances (as candidates) stand by. electionId: "ingress-apisix-leader" # -- The class of an Ingress object is set using the field IngressClassName in # Kubernetes clusters version v1.18.0 or higher or the annotation # "kubernetes.io/ingress.class" (deprecated). ingressClass: "apisix" # -- the supported ingress api group version, can be "networking/v1beta1", # "networking/v1" (for Kubernetes version v1.19.0 or higher), and # "extensions/v1beta1", default is "networking/v1". ingressVersion: "networking/v1" # -- whether to watch EndpointSlices rather than Endpoints. watchEndpointSlices: false # -- the supported apisixroute api group version, can be "apisix.apache.org/v2" # "apisix.apache.org/v2beta3" or "apisix.apache.org/v2beta2" apisixRouteVersion: "apisix.apache.org/v2" # -- whether to enable support for Gateway API. # Note: This feature is currently under development and may not work as expected. # It is not recommended to use it in a production environment. # Before we announce support for it to reach Beta level or GA. enableGatewayAPI: false # -- the resource API version, support "apisix.apache.org/v2beta3" and "apisix.apache.org/v2". # default is "apisix.apache.org/v2" apiVersion: "apisix.apache.org/v2" # -- APISIX related configurations. apisix: # -- Enabling this value, overrides serviceName and serviceNamespace. # serviceFullname: "apisix-admin.apisix.svc.local" serviceName: apisix-admin serviceNamespace: ingress-apisix servicePort: 9180 adminKey: "edd1c9f034335f136f87ad84b625c8f1" clusterName: "default" # -- the APISIX admin API version. can be "v2" or "v3", default is "v2". adminAPIVersion: "v2" # -- The APISIX Helm chart supports storing user credentials in a secret. # The secret needs to contain a single key for admin token with key adminKey by default. existingSecret: "" # -- Name of the admin token key in the secret, overrides the default key name "adminKey" existingSecretAdminKeyKey: "" resources: {} initContainer: image: busybox tag: 1.28 autoscaling: enabled: false # -- HPA version, the value is "v2" or "v2beta1", default "v2" version: v2 minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 # -- Update strategy for apisix ingress controller deployment updateStrategy: {} # type: RollingUpdate nodeSelector: {} tolerations: [] affinity: {} # -- Topology Spread Constraints for pod assignment spread across your cluster among failure-domains # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods topologySpreadConstraints: [] # namespace: "ingress-apisix" # -- Enable creating ServiceMonitor objects for Prometheus operator. # Requires Prometheus operator v0.38.0 or higher. serviceMonitor: enabled: false namespace: "monitoring" interval: 15s # -- @param serviceMonitor.labels ServiceMonitor extra labels labels: {} # -- @param serviceMonitor.annotations ServiceMonitor annotations annotations: {} # -- @param serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion. # ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs metricRelabelings: {} # -- See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more details podDisruptionBudget: # -- Enable or disable podDisruptionBudget enabled: false # -- Set the `minAvailable` of podDisruptionBudget. You can specify only one of `maxUnavailable` and `minAvailable` in a single PodDisruptionBudget. # See [Specifying a Disruption Budget for your Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget) # for more details minAvailable: 90% # -- Set the maxUnavailable of podDisruptionBudget maxUnavailable: 1 podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 gateway: # -- Apache APISIX service type for user access itself type: NodePort externalTrafficPolicy: Cluster # annotations: # service.beta.kubernetes.io/aws-load-balancer-type: nlb # loadBalancerIP: a.b.c.d # loadBalancerSourceRanges: # - "143.231.0.0/16" # -- load balancer ips externalIPs: [] nginx: # -- Nginx workerRlimitNoFile workerRlimitNofile: "20480" # -- Nginx worker connections workerConnections: "10620" # -- Nginx worker processes workerProcesses: auto # -- Nginx error logs path errorLog: stderr # -- Nginx error logs level errorLogLevel: warn resources: {} securityContext: {} # capabilities: # add: # - NET_BIND_SERVICE # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 636 tls: enabled: false servicePort: 443 containerPort: 9443 # -- Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99) additionalContainerPorts: [] # - ip: 127.0.0.3 # Specific IP, If not set, the default value is `0.0.0.0`. # port: 9445 # enable_http2: true # -- Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) existingCASecret: "" # -- Filename be used in the gateway.tls.existingCASecret certCAFilename: "" http2: enabled: true # -- TLS protocols allowed to use. sslProtocols: "TLSv1.2 TLSv1.3" # -- Define SNI to fallback if none is presented by client fallbackSNI: ""