api7 · nic-6443 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
diff --git a/charts/gateway/Chart.yaml b/charts/gateway/Chart.yaml
@@ -14,7 +14,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.51
+version: 0.2.52
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/gateway/README.md b/charts/gateway/README.md
@@ -183,21 +183,23 @@ The command removes all the Kubernetes components associated with the chart and
 | fullnameOverride | string | `""` |  |
 | gateway.externalIPs | list | `[]` | IPs for which nodes in the cluster will also accept traffic for the servic annotations:   service.beta.kubernetes.io/aws-load-balancer-type: nlb |
 | gateway.externalTrafficPolicy | string | `"Cluster"` |  |
-| gateway.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"ip":"0.0.0.0","servicePort":80}` | API7 Gateway service settings for http |
+| gateway.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"ip":"0.0.0.0","nodePort":null,"servicePort":80}` | API7 Gateway service settings for http |
 | gateway.http.additionalContainerPorts | list | `[]` | Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24) |
 | gateway.http.ip | string | `"0.0.0.0"` | which ip to listen on for API7 Gateway http service. |
+| gateway.http.nodePort | int | `nil` | The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. |
 | gateway.ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"apisix.local","paths":[]}],"tls":[]}` | Using ingress access API7 Gateway service |
 | gateway.ingress.annotations | object | `{}` | Ingress annotations |
 | gateway.labelsOverride | object | `{}` | Override default labels assigned to API7 Gateway gateway resources |
 | gateway.livenessProbe | object | `{}` | kubernetes liveness probe. |
 | gateway.readinessProbe | object | `{}` | kubernetes readiness probe, we will provide a probe based on tcpSocket to gateway's HTTP port by default. |
 | gateway.stream | object | `{"enabled":false,"only":false,"tcp":[],"udp":[]}` | API7 Gateway service settings for stream. L4 proxy (TCP/UDP) |
-| gateway.tls | object | `{"additionalContainerPorts":[],"certCAFilename":"","containerPort":9443,"enabled":true,"existingCASecret":"","fallbackSNI":"","http2":{"enabled":true},"ip":"0.0.0.0","servicePort":443,"sslProtocols":"TLSv1.2 TLSv1.3"}` | API7 Gateway service settings for tls |
+| gateway.tls | object | `{"additionalContainerPorts":[],"certCAFilename":"","containerPort":9443,"enabled":true,"existingCASecret":"","fallbackSNI":"","http2":{"enabled":true},"ip":"0.0.0.0","nodePort":null,"servicePort":443,"sslProtocols":"TLSv1.2 TLSv1.3"}` | API7 Gateway service settings for tls |
 | gateway.tls.additionalContainerPorts | list | `[]` | Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99) |
 | gateway.tls.certCAFilename | string | `""` | Filename be used in the gateway.tls.existingCASecret |
 | gateway.tls.existingCASecret | string | `""` | Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) |
 | gateway.tls.fallbackSNI | string | `""` | If set this, when the client doesn't send SNI during handshake, the fallback SNI will be used instead |
 | gateway.tls.ip | string | `"0.0.0.0"` | which ip to listen on for API7 Gateway https service. |
+| gateway.tls.nodePort | int | `nil` | The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. |
 | gateway.tls.sslProtocols | string | `"TLSv1.2 TLSv1.3"` | TLS protocols allowed to use. |
 | gateway.type | string | `"NodePort"` | API7 Gateway service type for user access itself |
 | global.imagePullSecrets | list | `[]` | Global Docker registry secret names as an array |

diff --git a/charts/gateway/templates/_pod.tpl b/charts/gateway/templates/_pod.tpl
@@ -145,7 +145,11 @@ spec:
         {{- if (gt (len .udp) 0) }}
         {{- range $index, $port := .udp }}
         - name: proxy-udp-{{ $index | toString }}
+        {{- if kindIs "map" $port }}
+          containerPort: {{ splitList ":" ($port.addr | toString) | last }}
+        {{- else }}
           containerPort: {{ $port }}
+        {{- end }}
           protocol: UDP
         {{- end }}
         {{- end }}

diff --git a/charts/gateway/templates/configmap.yaml b/charts/gateway/templates/configmap.yaml
@@ -83,7 +83,6 @@ data:
         only: {{ .Values.gateway.stream.only }}
         {{- if gt (len .Values.gateway.stream.tcp) 0 }}
         tcp:                        # TCP proxy port list
-          {{- if gt (len .Values.gateway.stream.tcp) 0}}
           {{- range .Values.gateway.stream.tcp }}
           {{- if kindIs "map" . }}
           - addr: {{ .addr }}
@@ -94,18 +93,15 @@ data:
           - {{ . }}
           {{- end }}
           {{- end }}
-          {{- else}}
-          - 9100
-          {{- end }}
         {{- end }}
         {{- if gt (len .Values.gateway.stream.udp) 0 }}
         udp:                        # UDP proxy port list
-          {{- if gt (len .Values.gateway.stream.udp) 0}}
           {{- range .Values.gateway.stream.udp }}
+          {{- if kindIs "map" . }}
+          - addr: {{ .addr }}
+          {{- else }}
           - {{ . }}
           {{- end }}
-          {{- else}}
-          - 9200
           {{- end }}
         {{- end }}
       {{- end }}

diff --git a/charts/gateway/templates/service-gateway.yaml b/charts/gateway/templates/service-gateway.yaml
@@ -1,3 +1,4 @@
+{{- $global := . -}}
 {{- if .Values.apisix.enabled }}
 apiVersion: v1
 kind: Service
@@ -41,30 +42,36 @@ spec:
   - name: apisix-gateway
     port: {{ .Values.gateway.http.servicePort }}
     targetPort: {{ .Values.gateway.http.containerPort }}
-  {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.http.nodePort))) }}
+    {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.http.nodePort))) }}
     nodePort: {{ .Values.gateway.http.nodePort }}
-  {{- end }}
+    {{- end }}
     protocol: TCP
   {{- end }}
   {{- range .Values.gateway.http.additionalContainerPorts }}
   - name: apisix-gateway-{{ .port | toString }}
     port: {{ .port }}
     targetPort: {{ .port }}
+    {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty .nodePort))) }}
+    nodePort: {{ .nodePort }}
+    {{- end }}
     protocol: TCP
   {{- end }}
   {{- if or .Values.gateway.tls.enabled }}
   - name: apisix-gateway-tls
     port: {{ .Values.gateway.tls.servicePort }}
     targetPort: {{ .Values.gateway.tls.containerPort }}
-  {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.tls.nodePort))) }}
+    {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.tls.nodePort))) }}
     nodePort: {{ .Values.gateway.tls.nodePort }}
-  {{- end }}
+    {{- end }}
     protocol: TCP
   {{- end }}
   {{- range .Values.gateway.tls.additionalContainerPorts }}
   - name: apisix-gateway-tls-{{ .port | toString }}
     port: {{ .port }}
     targetPort: {{ .port }}
+    {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty .nodePort))) }}
+    nodePort: {{ .nodePort }}
+    {{- end }}
   {{- end }}
   {{- if .Values.serviceMonitor.enabled }}
   - name: prometheus
@@ -83,23 +90,33 @@ spec:
   {{- if (gt (len .tcp) 0) }}
   {{- range $index, $port := .tcp }}
   - name: proxy-tcp-{{ $index | toString }}
+    protocol: TCP
   {{- if kindIs "map" $port }}
     port: {{ splitList ":" ($port.addr | toString) | last }}
     targetPort: {{ splitList ":" ($port.addr | toString) | last }}
-    protocol: TCP
+    {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty $port.nodePort))) }}
+    nodePort: {{ $port.nodePort }}
+    {{- end }}
   {{- else }}
     port: {{ $port }}
     targetPort: {{ $port }}
-    protocol: TCP
   {{- end }}
   {{- end }}
   {{- end }}
   {{- if (gt (len .udp) 0) }}
   {{- range $index, $port := .udp }}
   - name: proxy-udp-{{ $index | toString }}
+    protocol: UDP
+  {{- if kindIs "map" $port }}
+    port: {{ splitList ":" ($port.addr | toString) | last }}
+    targetPort: {{ splitList ":" ($port.addr | toString) | last }}
+    {{- if (and (eq $global.Values.gateway.type "NodePort") (not (empty $port.nodePort))) }}
+    nodePort: {{ $port.nodePort }}
+    {{- end }}
+  {{- else }}
     port: {{ $port }}
     targetPort: {{ $port }}
-    protocol: UDP
+  {{- end }}
   {{- end }}
   {{- end }}
   {{- end }}

diff --git a/charts/gateway/values.yaml b/charts/gateway/values.yaml
@@ -309,12 +309,15 @@ gateway:
     ip: 0.0.0.0
     servicePort: 80
     containerPort: 9080
+    # -- (int) The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes.
+    nodePort:
     # hostPort: 9080
     # backlog: 1024  # sets the backlog parameter in the listen() call that limits, the maximum length for the queue of pending connections. By default, backlog is set to -1 on FreeBSD, DragonFly BSD, and macOS, and to 511 on other platforms.
     # -- Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24)
     additionalContainerPorts: []
       # - port: 9081
       #   hostPort: 9081
+      #   nodePort: 31081
       #   enable_http2: true          # If not set, the default value is `false`.
       #   backlog: 1024
       # - ip: 127.0.0.2               # Specific IP, If not set, the default value is `0.0.0.0`.
@@ -329,13 +332,16 @@ gateway:
     ip: 0.0.0.0
     servicePort: 443
     containerPort: 9443
+    # -- (int) The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes.
+    nodePort:
     # hostPort: 9443
     # backlog: 1024
     # -- Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
     additionalContainerPorts: []
       # - ip: 127.0.0.3           # Specific IP, If not set, the default value is `0.0.0.0`.
       #   port: 9445
       #   hostPort: 9445
+      #   nodePort: 31045
       #   enable_http2: true
       #   backlog: 1024
     # -- Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd)
@@ -353,7 +359,13 @@ gateway:
     enabled: false
     only: false
     tcp: []
+      # - addr: 192.168.31.10:5432
+      # - addr: 3302
+      #   nodePort: 31302
     udp: []
+      # - addr: 192.168.31.10:53
+      # - addr: 5353
+      #   nodePort: 31353
   # -- Using ingress access API7 Gateway service
   ingress:
     enabled: false