From d427db4cc6941624dc9468d727df9a850dc52b5f Mon Sep 17 00:00:00 2001 From: Kevin McDermott Date: Thu, 6 Jun 2024 16:07:25 -0700 Subject: [PATCH 1/4] Update to apisix 3.9.1 and enable service for etcd adapter in apisix-ingress-controller --- charts/apisix-ingress-controller/Chart.yaml | 4 ++-- .../templates/apisix-configmap.yaml | 1 - charts/apisix-ingress-controller/templates/configmap.yaml | 3 +++ charts/apisix-ingress-controller/templates/service.yaml | 6 ++++++ charts/apisix-ingress-controller/values.yaml | 5 ++--- charts/apisix/Chart.yaml | 2 +- 6 files changed, 14 insertions(+), 7 deletions(-) diff --git a/charts/apisix-ingress-controller/Chart.yaml b/charts/apisix-ingress-controller/Chart.yaml index 636a794d..bb45ec3c 100644 --- a/charts/apisix-ingress-controller/Chart.yaml +++ b/charts/apisix-ingress-controller/Chart.yaml @@ -24,8 +24,8 @@ keywords: - nginx - crd type: application -version: 0.14.0 -appVersion: 1.8.0 +version: 0.14.1 +appVersion: 1.8.2 sources: - https://github.com/apache/apisix-helm-chart diff --git a/charts/apisix-ingress-controller/templates/apisix-configmap.yaml b/charts/apisix-ingress-controller/templates/apisix-configmap.yaml index cb41c4fe..4c4ae5fe 100644 --- a/charts/apisix-ingress-controller/templates/apisix-configmap.yaml +++ b/charts/apisix-ingress-controller/templates/apisix-configmap.yaml @@ -55,7 +55,6 @@ data: enable: {{ .Values.gateway.tls.enabled }} listen: - port: {{ .Values.gateway.tls.containerPort }} - enable_http2: {{ .Values.gateway.tls.http2.enabled }} {{- with .Values.gateway.tls.additionalContainerPorts }} {{- toYaml . | nindent 10}} {{- end }} diff --git a/charts/apisix-ingress-controller/templates/configmap.yaml b/charts/apisix-ingress-controller/templates/configmap.yaml index 01612165..c7bd99a0 100644 --- a/charts/apisix-ingress-controller/templates/configmap.yaml +++ b/charts/apisix-ingress-controller/templates/configmap.yaml @@ -72,6 +72,9 @@ data: default_cluster_admin_key: {{ .Values.config.apisix.adminKey | quote }} {{- end }} default_cluster_name: {{ .Values.config.apisix.clusterName | quote }} + {{- if .Values.config.apisix.enable_http2 }} + enable_http2: {{ .Values.config.apisix.enable_http2 }} + {{- end }} {{ if .Values.config.etcdserver.enabled }} etcdserver: enabled: true diff --git a/charts/apisix-ingress-controller/templates/service.yaml b/charts/apisix-ingress-controller/templates/service.yaml index be8ad73d..062dc3da 100644 --- a/charts/apisix-ingress-controller/templates/service.yaml +++ b/charts/apisix-ingress-controller/templates/service.yaml @@ -28,5 +28,11 @@ spec: targetPort: {{ (.Values.config.httpListen | split ":")._1 }} protocol: TCP name: http + {{- if .Values.config.etcdserver.enabled }} + - port: 12379 + targetPort: 12379 + protocol: TCP + name: etcd + {{- end }} selector: {{- include "apisix-ingress-controller.selectorLabels" . | nindent 4 }} diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml index 928cc75e..95fc043c 100644 --- a/charts/apisix-ingress-controller/values.yaml +++ b/charts/apisix-ingress-controller/values.yaml @@ -74,7 +74,7 @@ config: pullPolicy: IfNotPresent # -- Apache APISIX image tag # Overrides the image tag whose default is the chart appVersion. - tag: 3.5.0-debian + tag: 3.9.1-debian # -- the error log level, default is info, optional values are: debug, info, warn, error, panic, fatal logLevel: "info" # -- the output file path of error log, default is stderr, when @@ -159,6 +159,7 @@ config: existingSecret: "" # -- Name of the admin token key in the secret, overrides the default key name "adminKey" existingSecretAdminKeyKey: "" + enable_http2: true resources: {} @@ -268,8 +269,6 @@ gateway: existingCASecret: "" # -- Filename be used in the gateway.tls.existingCASecret certCAFilename: "" - http2: - enabled: true # -- TLS protocols allowed to use. sslProtocols: "TLSv1.2 TLSv1.3" # -- Define SNI to fallback if none is presented by client diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml index 0d390e0c..b379debc 100644 --- a/charts/apisix/Chart.yaml +++ b/charts/apisix/Chart.yaml @@ -51,7 +51,7 @@ dependencies: condition: dashboard.enabled alias: dashboard - name: apisix-ingress-controller - version: 0.14.0 + version: 0.14.1 repository: https://charts.apiseven.com condition: ingress-controller.enabled alias: ingress-controller From 846c5feb7e7ab84aa6f912ecd6d8ea8abe82b334 Mon Sep 17 00:00:00 2001 From: Kevin McDermott Date: Thu, 6 Jun 2024 16:18:06 -0700 Subject: [PATCH 2/4] Use enableHTTP2 as variable to match what apisix helm chart uses --- charts/apisix-ingress-controller/templates/configmap.yaml | 4 ++-- charts/apisix-ingress-controller/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/apisix-ingress-controller/templates/configmap.yaml b/charts/apisix-ingress-controller/templates/configmap.yaml index c7bd99a0..34e526fa 100644 --- a/charts/apisix-ingress-controller/templates/configmap.yaml +++ b/charts/apisix-ingress-controller/templates/configmap.yaml @@ -72,8 +72,8 @@ data: default_cluster_admin_key: {{ .Values.config.apisix.adminKey | quote }} {{- end }} default_cluster_name: {{ .Values.config.apisix.clusterName | quote }} - {{- if .Values.config.apisix.enable_http2 }} - enable_http2: {{ .Values.config.apisix.enable_http2 }} + {{- if .Values.config.apisix.enableHTTP2 }} + enable_http2: {{ .Values.config.apisix.enableHTTP2 }} {{- end }} {{ if .Values.config.etcdserver.enabled }} etcdserver: diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml index 95fc043c..ad1dd2ca 100644 --- a/charts/apisix-ingress-controller/values.yaml +++ b/charts/apisix-ingress-controller/values.yaml @@ -159,7 +159,7 @@ config: existingSecret: "" # -- Name of the admin token key in the secret, overrides the default key name "adminKey" existingSecretAdminKeyKey: "" - enable_http2: true + enableHTTP2: true resources: {} From 86d2840f3932a166e015077f861d72096bb04d1c Mon Sep 17 00:00:00 2001 From: Kevin McDermott Date: Fri, 7 Jun 2024 08:12:12 -0700 Subject: [PATCH 3/4] Revert update apisix-ingress-controller chart version in apisix chart --- charts/apisix/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml index b379debc..0d390e0c 100644 --- a/charts/apisix/Chart.yaml +++ b/charts/apisix/Chart.yaml @@ -51,7 +51,7 @@ dependencies: condition: dashboard.enabled alias: dashboard - name: apisix-ingress-controller - version: 0.14.1 + version: 0.14.0 repository: https://charts.apiseven.com condition: ingress-controller.enabled alias: ingress-controller From fd0cf13ab0823ceacbee9ae08362362b87560a44 Mon Sep 17 00:00:00 2001 From: Kevin McDermott Date: Fri, 7 Jun 2024 08:15:54 -0700 Subject: [PATCH 4/4] Don't need http2 if apisix running as control plane only --- charts/apisix-ingress-controller/README.md | 1 - charts/apisix-ingress-controller/templates/configmap.yaml | 3 --- charts/apisix-ingress-controller/values.yaml | 2 -- 3 files changed, 6 deletions(-) diff --git a/charts/apisix-ingress-controller/README.md b/charts/apisix-ingress-controller/README.md index 3fe6505b..c5d8ccce 100644 --- a/charts/apisix-ingress-controller/README.md +++ b/charts/apisix-ingress-controller/README.md @@ -160,7 +160,6 @@ The same for container level, you need to set: | gateway.tls.enabled | bool | `false` | | | gateway.tls.existingCASecret | string | `""` | Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) | | gateway.tls.fallbackSNI | string | `""` | Define SNI to fallback if none is presented by client | -| gateway.tls.http2.enabled | bool | `true` | | | gateway.tls.servicePort | int | `443` | | | gateway.tls.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols allowed to use. | | gateway.type | string | `"NodePort"` | Apache APISIX service type for user access itself | diff --git a/charts/apisix-ingress-controller/templates/configmap.yaml b/charts/apisix-ingress-controller/templates/configmap.yaml index 34e526fa..01612165 100644 --- a/charts/apisix-ingress-controller/templates/configmap.yaml +++ b/charts/apisix-ingress-controller/templates/configmap.yaml @@ -72,9 +72,6 @@ data: default_cluster_admin_key: {{ .Values.config.apisix.adminKey | quote }} {{- end }} default_cluster_name: {{ .Values.config.apisix.clusterName | quote }} - {{- if .Values.config.apisix.enableHTTP2 }} - enable_http2: {{ .Values.config.apisix.enableHTTP2 }} - {{- end }} {{ if .Values.config.etcdserver.enabled }} etcdserver: enabled: true diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml index ad1dd2ca..8db4ac20 100644 --- a/charts/apisix-ingress-controller/values.yaml +++ b/charts/apisix-ingress-controller/values.yaml @@ -159,7 +159,6 @@ config: existingSecret: "" # -- Name of the admin token key in the secret, overrides the default key name "adminKey" existingSecretAdminKeyKey: "" - enableHTTP2: true resources: {} @@ -264,7 +263,6 @@ gateway: additionalContainerPorts: [] # - ip: 127.0.0.3 # Specific IP, If not set, the default value is `0.0.0.0`. # port: 9445 - # enable_http2: true # -- Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) existingCASecret: "" # -- Filename be used in the gateway.tls.existingCASecret