diff --git a/charts/gateway/Chart.yaml b/charts/gateway/Chart.yaml index 60fca83..9848192 100644 --- a/charts/gateway/Chart.yaml +++ b/charts/gateway/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.51 +version: 0.2.52 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/gateway/README.md b/charts/gateway/README.md index cd79db0..3a4ac32 100644 --- a/charts/gateway/README.md +++ b/charts/gateway/README.md 
@@ -183,21 +183,23 @@ The command removes all the Kubernetes components associated with the chart and | fullnameOverride | string | `""` | | | gateway.externalIPs | list | `[]` | IPs for which nodes in the cluster will also accept traffic for the servic annotations: service.beta.kubernetes.io/aws-load-balancer-type: nlb | | gateway.externalTrafficPolicy | string | `"Cluster"` | | -| gateway.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"ip":"0.0.0.0","servicePort":80}` | API7 Gateway service settings for http | +| gateway.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"ip":"0.0.0.0","nodePort":null,"servicePort":80}` | API7 Gateway service settings for http | | gateway.http.additionalContainerPorts | list | `[]` | Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24) | | gateway.http.ip | string | `"0.0.0.0"` | which ip to listen on for API7 Gateway http service. | +| gateway.http.nodePort | int | `nil` | The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. | | gateway.ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"apisix.local","paths":[]}],"tls":[]}` | Using ingress access API7 Gateway service | | gateway.ingress.annotations | object | `{}` | Ingress annotations | | gateway.labelsOverride | object | `{}` | Override default labels assigned to API7 Gateway gateway resources | | gateway.livenessProbe | object | `{}` | kubernetes liveness probe. | | gateway.readinessProbe | object | `{}` | kubernetes readiness probe, we will provide a probe based on tcpSocket to gateway's HTTP port by default. | | gateway.stream | object | `{"enabled":false,"only":false,"tcp":[],"udp":[]}` | API7 Gateway service settings for stream. 
L4 proxy (TCP/UDP) | -| gateway.tls | object | `{"additionalContainerPorts":[],"certCAFilename":"","containerPort":9443,"enabled":true,"existingCASecret":"","fallbackSNI":"","http2":{"enabled":true},"ip":"0.0.0.0","servicePort":443,"sslProtocols":"TLSv1.2 TLSv1.3"}` | API7 Gateway service settings for tls | +| gateway.tls | object | `{"additionalContainerPorts":[],"certCAFilename":"","containerPort":9443,"enabled":true,"existingCASecret":"","fallbackSNI":"","http2":{"enabled":true},"ip":"0.0.0.0","nodePort":null,"servicePort":443,"sslProtocols":"TLSv1.2 TLSv1.3"}` | API7 Gateway service settings for tls | | gateway.tls.additionalContainerPorts | list | `[]` | Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99) | | gateway.tls.certCAFilename | string | `""` | Filename be used in the gateway.tls.existingCASecret | | gateway.tls.existingCASecret | string | `""` | Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) | | gateway.tls.fallbackSNI | string | `""` | If set this, when the client doesn't send SNI during handshake, the fallback SNI will be used instead | | gateway.tls.ip | string | `"0.0.0.0"` | which ip to listen on for API7 Gateway https service. | +| gateway.tls.nodePort | int | `nil` | The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. | | gateway.tls.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols allowed to use. | | gateway.type | string | `"NodePort"` | API7 Gateway service type for user access itself | | global.imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | diff --git a/charts/gateway/templates/_pod.tpl b/charts/gateway/templates/_pod.tpl index b041e22..d887516 100644 
--- a/charts/gateway/templates/_pod.tpl +++ b/charts/gateway/templates/_pod.tpl @@ -145,7 +145,11 @@ spec: {{- if (gt (len .udp) 0) }} {{- range $index, $port := .udp }} - name: proxy-udp-{{ $index | toString }} + {{- if kindIs "map" $port }} + containerPort: {{ splitList ":" ($port.addr | toString) | last }} + {{- else }} containerPort: {{ $port }} + {{- end }} protocol: UDP {{- end }} {{- end }} diff --git a/charts/gateway/templates/configmap.yaml b/charts/gateway/templates/configmap.yaml index deeb1f2..5b7716b 100644 --- a/charts/gateway/templates/configmap.yaml +++ b/charts/gateway/templates/configmap.yaml @@ -83,7 +83,6 @@ data: only: {{ .Values.gateway.stream.only }} {{- if gt (len .Values.gateway.stream.tcp) 0 }} tcp: # TCP proxy port list - {{- if gt (len .Values.gateway.stream.tcp) 0}} {{- range .Values.gateway.stream.tcp }} {{- if kindIs "map" . }} - addr: {{ .addr }} @@ -94,18 +93,15 @@ data: - {{ . }} {{- end }} {{- end }} - {{- else}} - - 9100 - {{- end }} {{- end }} {{- if gt (len .Values.gateway.stream.udp) 0 }} udp: # UDP proxy port list - {{- if gt (len .Values.gateway.stream.udp) 0}} {{- range .Values.gateway.stream.udp }} + {{- if kindIs "map" . }} + - addr: {{ .addr }} + {{- else }} - {{ . }} {{- end }} - {{- else}} - - 9200 {{- end }} {{- end }} {{- end }} diff --git a/charts/gateway/templates/service-gateway.yaml b/charts/gateway/templates/service-gateway.yaml index e011b4b..e3cfc13 100644 --- a/charts/gateway/templates/service-gateway.yaml +++ b/charts/gateway/templates/service-gateway.yaml @@ -1,3 +1,4 @@ +{{- $global := . -}} {{- if .Values.apisix.enabled }} apiVersion: v1 kind: Service 
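Review bot: A map entry that has no `addr` key reaches the added `containerPort` line unchecked, and `splitList ":" ($port.addr | toString) | last` would then render a non-numeric port that only fails when the manifest is applied. Failing at render time gives a clearer error: `containerPort: {{ splitList ":" (required "gateway.stream.udp[].addr is required" $port.addr | toString) | last }}`. The same unguarded expression appears in the stream tcp/udp branches of service-gateway.yaml (hunk @@ -83,23 +90,33) and as `- addr: {{ .addr }}` in the configmap udp branch. The enclosing ports block starts outside this hunk.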
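Review bot: The new map branch under `udp:` renders `- addr: {{ .addr }}`, an object per entry, whereas the `{{- else }}` branch and the removed fallback emit a bare port. Upstream APISIX's default config lists `stream_proxy.udp` entries as plain ports or `"ip:port"` strings and uses the object form only under `tcp`. If API7 Gateway validates against the same schema (not visible here, please confirm), a map-style udp entry would be rejected when the gateway loads its config. In that case render the value itself, `- {{ .addr }}`, and keep `nodePort` as a Service-only field. The `stream` block this hunk sits in starts outside the hunk.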
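Review bot: `$global` duplicates something Helm already provides: inside `range` and `with`, `$` always refers to the root context, so the added `{{- $global := . -}}` line is not needed. The later hunks could write `$.Values.gateway.type` instead of `$global.Values.gateway.type`. That is the form most chart readers expect, and it removes a file-level variable that has to be tracked across the template.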
@@ -41,30 +42,36 @@ spec: - name: apisix-gateway port: {{ .Values.gateway.http.servicePort }} targetPort: {{ .Values.gateway.http.containerPort }} - {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.http.nodePort))) }} + {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.http.nodePort))) }} nodePort: {{ .Values.gateway.http.nodePort }} - {{- end }} + {{- end }} protocol: TCP {{- end }} {{- range .Values.gateway.http.additionalContainerPorts }} - name: apisix-gateway-{{ .port | toString }} port: {{ .port }} targetPort: {{ .port }} + {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty .nodePort))) }} + nodePort: {{ .nodePort }} + {{- end }} protocol: TCP {{- end }} {{- if or .Values.gateway.tls.enabled }} - name: apisix-gateway-tls port: {{ .Values.gateway.tls.servicePort }} targetPort: {{ .Values.gateway.tls.containerPort }} - {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.tls.nodePort))) }} + {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.tls.nodePort))) }} nodePort: {{ .Values.gateway.tls.nodePort }} - {{- end }} + {{- end }} protocol: TCP {{- end }} {{- range .Values.gateway.tls.additionalContainerPorts }} - name: apisix-gateway-tls-{{ .port | toString }} port: {{ .port }} targetPort: {{ .port }} + {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty .nodePort))) }} + nodePort: {{ .nodePort }} + {{- end }} {{- end }} {{- if .Values.serviceMonitor.enabled }} - name: prometheus 
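Review bot: A `nodePort` set on an `additionalContainerPorts` entry is dropped without any message when `gateway.type` is not `NodePort`, in both the http and the tls range of this hunk. A fixed node port is usually what firewall or security-group rules are written against, so a silently ignored value can leave the Service on a randomly allocated port that those rules do not cover. Kubernetes also accepts `nodePort` on `LoadBalancer` Services, so consider `(or (eq $.Values.gateway.type "NodePort") (eq $.Values.gateway.type "LoadBalancer"))` in the guard. At minimum, state next to the values.yaml examples that a per-entry `nodePort` is honoured only for type `NodePort`.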
@@ -83,23 +90,33 @@ spec: {{- if (gt (len .tcp) 0) }} {{- range $index, $port := .tcp }} - name: proxy-tcp-{{ $index | toString }} + protocol: TCP {{- if kindIs "map" $port }} port: {{ splitList ":" ($port.addr | toString) | last }} targetPort: {{ splitList ":" ($port.addr | toString) | last }} - protocol: TCP + {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty $port.nodePort))) }} + nodePort: {{ $port.nodePort }} + {{- end }} {{- else }} port: {{ $port }} targetPort: {{ $port }} - protocol: TCP {{- end }} {{- end }} {{- end }} {{- if (gt (len .udp) 0) }} {{- range $index, $port := .udp }} - name: proxy-udp-{{ $index | toString }} + protocol: UDP + {{- if kindIs "map" $port }} + port: {{ splitList ":" ($port.addr | toString) | last }} + targetPort: {{ splitList ":" ($port.addr | toString) | last }} + {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty $port.nodePort))) }} + nodePort: {{ $port.nodePort }} + {{- end }} + {{- else }} port: {{ $port }} targetPort: {{ $port }} - protocol: UDP + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/gateway/values.yaml b/charts/gateway/values.yaml index 52a3f1d..524ba94 100644 --- a/charts/gateway/values.yaml +++ b/charts/gateway/values.yaml 
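Review bot: The port expression `splitList ":" ($port.addr | toString) | last` is now written four times in this hunk (port and targetPort, tcp and udp) and once more in _pod.tpl, so the Service and the pod spec agree only by copy-paste. Bind it once per iteration, e.g. `{{- $p := splitList ":" ($port.addr | toString) | last }}` followed by `port: {{ $p }}` and `targetPort: {{ $p }}`. A template comment should also note that only the port part of `addr` reaches the Service: an entry such as `192.168.31.10:5432` presumably restricts where the gateway listens, not who can reach the published port. The surrounding `with` block starts outside the hunk.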
@@ -309,12 +309,15 @@ gateway: ip: 0.0.0.0 servicePort: 80 containerPort: 9080 + # -- (int) The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. + nodePort: # hostPort: 9080 # backlog: 1024 # sets the backlog parameter in the listen() call that limits, the maximum length for the queue of pending connections. By default, backlog is set to -1 on FreeBSD, DragonFly BSD, and macOS, and to 511 on other platforms. # -- Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24) additionalContainerPorts: [] # - port: 9081 # hostPort: 9081 + # nodePort: 31081 # enable_http2: true # If not set, the default value is `false`. # backlog: 1024 # - ip: 127.0.0.2 # Specific IP, If not set, the default value is `0.0.0.0`. @@ -329,6 +332,8 @@ gateway: ip: 0.0.0.0 servicePort: 443 containerPort: 9443 + # -- (int) The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. + nodePort: # hostPort: 9443 # backlog: 1024 # -- Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99) @@ -336,6 +341,7 @@ gateway: # - ip: 127.0.0.3 # Specific IP, If not set, the default value is `0.0.0.0`. # port: 9445 # hostPort: 9445 + # nodePort: 31045 # enable_http2: true # backlog: 1024 # -- Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) @@ -353,7 +359,13 @@ gateway: enabled: false only: false tcp: [] + # - addr: 192.168.31.10:5432 + # - addr: 3302 + # nodePort: 31302 udp: [] + # - addr: 192.168.31.10:53 + # - addr: 5353 + # nodePort: 31353 # -- Using ingress access API7 Gateway service ingress: enabled: false
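Review bot: The added `nodePort:` under `gateway.http` is a bare key, which YAML reads as null but which looks like an unfinished line and is what yamllint's `empty-values` rule flags when enabled; `nodePort: null` states the same default explicitly. The same applies to `gateway.tls.nodePort` in hunk @@ -329,6 +332,8. The README context shows `gateway.type` defaulting to `"NodePort"`, so the comment could also say that the chosen port is opened on every node.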
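Review bot: The commented examples under `stream.tcp` and `stream.udp` introduce the `addr`/`nodePort` map form without a line saying what each field does. Suggest a comment above them such as `# addr: port or "ip:port" the gateway listens on; nodePort: fixed Service node port, only used when gateway.type is NodePort`. Stream entries proxy raw TCP/UDP (the examples use 5432 and 53), so the comment should add that a node port publishes that listener on every node address and that access should be limited with network policy or firewall rules. The `gateway.stream` key itself is outside the hunk.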