From 414a327e160cbea856a64a4c53dde5a4faf5283e Mon Sep 17 00:00:00 2001 From: gxthrj Date: Wed, 22 Jul 2020 23:48:05 +0800 Subject: [PATCH 1/4] =?UTF-8?q?style=EF=BC=9Amodify=20kubernetes=20doc,mak?= =?UTF-8?q?e=20config.yaml=20from=20the=20latest=20version=20and=20remove?= =?UTF-8?q?=20some=20config=20not=20necessary?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kubernetes/README.md | 20 +++-- kubernetes/apisix-gw-config-cm.yaml | 131 +--------------------------- kubernetes/config.sh | 12 +++ kubernetes/deployment.yaml | 54 +----------- kubernetes/service-aliyun-slb.yaml | 78 ----------------- 5 files changed, 26 insertions(+), 269 deletions(-) create mode 100755 kubernetes/config.sh delete mode 100644 kubernetes/service-aliyun-slb.yaml diff --git a/kubernetes/README.md b/kubernetes/README.md index c6bd9abfd799..d1d2eda16a71 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -21,7 +21,17 @@ There are some yaml files for deploying apisix in Kubernetes. ### Prerequisites -- Install etcd +- Install etcd , and set env `etcd_url` in config.sh + +- Run `config.sh` to generate apisix-gw-config-cm.yaml from the latest `config.yaml` + +``` +# if config.sh have no permission to execute +# chmod +x config.sh +# Generate apisix-gw-config-cm.yaml +# sh config.sh +``` + #### when using etcd-operator when using etcd-operator, you need to change apisix-gw-config-cm.yaml: @@ -56,7 +66,7 @@ or $ kubectl create configmap apisix-gw-config.yaml --from-file=../conf/config.yaml ``` -##### Note: you should modify etcd addr in config file `apisix-gw-config-cm.yaml` or `../conf/config.yaml` first +##### Note: you should check etcd addr in config file `apisix-gw-config-cm.yaml` or `../conf/config.yaml` first, make sure the etcd addresses are right. ``` etcd: 
@@ -76,12 +86,6 @@ $ kubectl apply -f deployment.yaml $ kubectl apply -f service.yaml ``` -#### Create service for apache incubator-apisix (when using Aliyun SLB) - -``` -$ kubectl apply -f service-aliyun-slb.yaml -``` - #### Scale apache incubator-apisix ``` diff --git a/kubernetes/apisix-gw-config-cm.yaml b/kubernetes/apisix-gw-config-cm.yaml index f32177699ebc..e1d50222960d 100644 --- a/kubernetes/apisix-gw-config-cm.yaml +++ b/kubernetes/apisix-gw-config-cm.yaml 
@@ -18,136 +18,7 @@ apiVersion: v1 data: config.yaml: | - # - # Licensed to the Apache Software Foundation (ASF) under one or more - # contributor license agreements. See the NOTICE file distributed with - # this work for additional information regarding copyright ownership. - # The ASF licenses this file to You under the Apache License, Version 2.0 - # (the "License"); you may not use this file except in compliance with - # the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - apisix: - node_listen: 9080 # APISIX listening port - enable_admin: true - enable_admin_cors: true # Admin API support CORS response headers. - enable_debug: false - enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true - enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true. - enable_ipv6: true - config_center: etcd # etcd: use etcd to store the config value - # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml` - - #proxy_protocol: # Proxy Protocol configuration - # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin. - # This port can only receive http request with proxy protocol, but node_listen & port_admin - # can only receive http request. 
If you enable proxy protocol, you must use this port to - # receive http request with proxy protocol - # listen_https_port: 9182 # The port with proxy protocol for https - # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option - # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server - - # allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - # - 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default. - # - "::/64" - # port_admin: 9180 # use a separate port - - # Default token when use API to call for Admin API. - # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API. - # Disabling this configuration item means that the Admin API does not - # require any authentication. - admin_key: - - - name: "admin" - key: edd1c9f034335f136f87ad84b625c8f1 - role: admin # admin: manage all configuration data - # viewer: only can view configuration data - - - name: "viewer" - key: 4054f7cf07e344346cd3f287985e76a2 - role: viewer - router: - http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree) - # radixtree_host_uri: match route by host + uri(base on radixtree) - ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree) - # stream_proxy: # TCP/UDP proxy - # tcp: # TCP proxy port list - # - 9100 - # - 9101 - # udp: # UDP proxy port list - # - 9200 - # - 9211 - dns_resolver: # default DNS resolver, with disable IPv6 and enable local DNS - - 114.114.114.114 - - 223.5.5.5 - - 1.1.1.1 - - 8.8.8.8 - dns_resolver_valid: 30 # valid time for dns result 30 seconds - - ssl: - enable: true - enable_http2: true - listen_port: 9443 - ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" - ssl_ciphers: 
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" - - nginx_config: # config for render the template to genarate nginx.conf - error_log: "logs/error.log" - error_log_level: "warn" # warn,error - worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections - event: - worker_connections: 10620 - http: - access_log: "logs/access.log" - keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side. 
- client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client - client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client - send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed - underscores_in_headers: "on" # default enables the use of underscores in client request header fields - real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header - real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from - - 127.0.0.1 - - 'unix:' - - etcd: - host: "http://127.0.0.1:2379" # etcd address - prefix: "/apisix" # apisix configurations prefix - timeout: 3 # 3 seconds - - plugins: # plugin list - - example-plugin - - limit-req - - limit-count - - limit-conn - - key-auth - - basic-auth - - prometheus - - node-status - - jwt-auth - - zipkin - - ip-restriction - - grpc-transcode - - serverless-pre-function - - serverless-post-function - - openid-connect - - proxy-rewrite - - redirect - - response-rewrite - - fault-injection - - udp-logger - - wolf-rbac - - consumer-restriction - - stream_plugins: - - mqtt-proxy - + #CONFIG_YAML# kind: ConfigMap metadata: name: apisix-gw-config.yaml diff --git a/kubernetes/config.sh b/kubernetes/config.sh new file mode 100755 index 000000000000..570ab30b4392 --- /dev/null +++ b/kubernetes/config.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +export etcd_url='http://here_is_you_etcd_IP:2379' + +wget https://raw.githubusercontent.com/apache/incubator-apisix/master/conf/config.yaml + +sed -i -e ':a' -e 'N' -e '$!ba' -e "s/allow_admin[a-z: #\/._]*\n\( *- [0-9a-zA-Z: #\/._',]*\n*\)*//g" config.yaml + +sed -i -e "s%http://[0-9.]*:2379%`echo $etcd_url`%g" config.yaml + +sed -i -e '/#CONFIG_YAML#/{r config.yaml' -e 'd}' apisix-gw-config-cm.yaml + 
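Review bot: With the embedded config replaced by the `#CONFIG_YAML#` marker, the committed apisix-gw-config-cm.yaml is a template rather than an applicable manifest: `kubectl apply -f apisix-gw-config-cm.yaml` before running config.sh would create a ConfigMap whose `config.yaml` holds only a comment. A comment above `data:` such as `# template: run config.sh to render config.yaml before applying` would make that explicit. Because config.sh rewrites this tracked file in place, the rendered result (including whatever `admin_key` values the downloaded config carries) appears as a local modification that is easy to commit by accident; rendering to a separate, git-ignored output file would avoid that. The flattened page does not show the marker's indentation, so confirm the rendered file still parses, since sed's `r` inserts config.yaml verbatim and a block scalar needs its content indented under the key.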
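Review bot: The first sed in the new config.sh deletes the whole `allow_admin` list from the downloaded config, and the comment in the config removed by this same commit says that with no IP list "any IP access is allowed by default", so the rendered ConfigMap leaves the Admin API without a source-IP restriction. Nothing in the script touches `admin_key`, so if the upstream file still carries the published default keys (as the removed embedded copy did), every deployment rendered from it accepts them; the script should require an operator-supplied key and fail when none is given, rather than strip the allow-list silently. The config is also fetched from the moving `master` branch with no pinning, no integrity check and no `set -e`, so a failed or changed download is rendered into the ConfigMap unnoticed, and a rerun keeps the stale `config.yaml` because wget saves the new copy under a different name. Suggested minimum: `set -eu` at the top and `wget -O config.yaml https://raw.githubusercontent.com/apache/incubator-apisix/<RELEASE_TAG>/conf/config.yaml`, where `<RELEASE_TAG>` is a placeholder for a reviewed tag or commit.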
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml index 60d54b231e37..2d4f886d8f98 100644 --- a/kubernetes/deployment.yaml +++ b/kubernetes/deployment.yaml @@ -32,13 +32,6 @@ spec: labels: app: apisix-gw spec: - # tolerations: - # - key: "group" - # operator: "Equal" - # value: "prod" - # effect: "NoSchedule" - # nodeSelector: - # env: prod affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -95,16 +88,6 @@ spec: - containerPort: 9443 name: https protocol: TCP - # livenessProbe: - # failureThreshold: 3 - # httpGet: - # path: /healthz - # port: 10254 - # scheme: HTTP - # initialDelaySeconds: 10 - # periodSeconds: 10 - # successThreshold: 1 - # timeoutSeconds: 1 readinessProbe: failureThreshold: 6 initialDelaySeconds: 10 @@ -113,28 +96,6 @@ spec: tcpSocket: port: 9080 timeoutSeconds: 1 - lifecycle: - # For alpine based image - # https://k8s.imroc.io/troubleshooting/cases/dns-lookup-5s-delay - # postStart: - # exec: - # command: - # - /bin/sh - # - -c - # - "/bin/echo 'options single-request-reopen' >> /etc/resolv.conf" - preStop: - exec: - command: - - /bin/sh - - -c - - "sleep 30" - # cpu core(s), 1 == 1000m - resources: - limits: - cpu: '2' - requests: - cpu: '50m' - volumeMounts: - mountPath: /usr/local/apisix/conf/config.yaml name: apisix-config-yaml-configmap @@ -142,13 +103,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - # - mountPath: /usr/local/apisix/conf/nginx.conf - # name: apisix-nginx-conf-configmap - # subPath: nginx.conf - # - mountPath: /usr/local/openresty/openssl/ssl/openssl.cnf - # name: apisix-openssl-cnf-configmap - # subPath: openssl.cnf - volumes: - configMap: name: apisix-gw-config.yaml 
@@ -156,10 +110,4 @@ spec: - hostPath: path: /etc/localtime type: File - name: localtime - # - configMap: - # name: apisix-gw-nginx.conf - # name: apisix-nginx-conf-configmap - # - configMap: - # name: apisix-gw-openssl.cnf.conf - # name: apisix-openssl-cnf-configmap + name: localtime \ No newline at end of file diff --git a/kubernetes/service-aliyun-slb.yaml b/kubernetes/service-aliyun-slb.yaml deleted file mode 100644 index a28f150c3f00..000000000000 --- a/kubernetes/service-aliyun-slb.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# https://help.aliyun.com/document_detail/94925.html?spm=5176.2020520152.0.0.44ca16ddon5iJF -apiVersion: v1 -kind: Service -metadata: - name: apisix-gw-lb - # namespace: default - annotations: - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-additional-resource-tags: "" - # - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-AddressType: "intranet" - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-network-type: "vpc" - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: "true" - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-persistence-timeout: "1800" - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "lb-xx" - # - # http - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id: '' - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-protocol-port: 'https:443' - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec: "slb.s1.small" - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port - # http sticky-session - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-sticky-session: "on" - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-sticky-session-type: 
"insert" - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cookie-timeout: "1800" - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-protocol-port: "http:80" - # - # health-check - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-type: "tcp" - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-connect-timeout: "4" - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-healthy-threshold: "4" - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-unhealthy-threshold: "4" - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-health-check-interval: "6" - # - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-scheduler: "wlc" - # ACL - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-status: "on" - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-id: "acl-xx" - # service.beta.kubernetes.io/alibaba-cloud-loadbalancer-acl-type: "white" - # - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-remove-unscheduled-backend: "on" - labels: - app: apisix-gw -spec: - selector: - app: apisix-gw - ports: - - protocol: TCP - port: 80 - name: http - targetPort: 9080 - - protocol: TCP - port: 443 - name: https - targetPort: 9443 - # - protocol: TCP - # port: 9180 - # name: admin-port - # targetPort: 9180 - type: LoadBalancer - externalTrafficPolicy: Local - # sessionAffinity: ClientIP From 8519e72ee8c84a7888436bf656ffd6b958744287 Mon Sep 17 00:00:00 2001 From: gxthrj Date: Mon, 27 Jul 2020 14:33:54 +0800 Subject: [PATCH 2/4] docs: modify by comment --- kubernetes/README.md | 9 ++++----- kubernetes/config.sh | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/kubernetes/README.md b/kubernetes/README.md index d1d2eda16a71..14c12a8cf79a 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md 
@@ -21,13 +21,12 @@ There are some yaml files for deploying apisix in Kubernetes. ### Prerequisites -- Install etcd , and set env `etcd_url` in config.sh +- Install etcd , and set env `etcd_url` in `config.sh` -- Run `config.sh` to generate apisix-gw-config-cm.yaml from the latest `config.yaml` +- Run `config.sh` to generate `apisix-gw-config-cm.yaml` from the latest `config.yaml` ``` -# if config.sh have no permission to execute -# chmod +x config.sh +# if config.sh have no permission to executethen, then execute `chmod +x config.sh` # Generate apisix-gw-config-cm.yaml # sh config.sh ``` @@ -66,7 +65,7 @@ or $ kubectl create configmap apisix-gw-config.yaml --from-file=../conf/config.yaml ``` -##### Note: you should check etcd addr in config file `apisix-gw-config-cm.yaml` or `../conf/config.yaml` first, make sure the etcd addresses are right. +##### Note: you should check etcd addr in config file `apisix-gw-config-cm.yaml` or `../conf/config.yaml` first, make sure the etcd addresses are correct. ``` etcd: diff --git a/kubernetes/config.sh b/kubernetes/config.sh index 570ab30b4392..8283e6cabc51 100755 --- a/kubernetes/config.sh +++ b/kubernetes/config.sh @@ -1,6 +1,6 @@ #!/bin/sh -export etcd_url='http://here_is_you_etcd_IP:2379' +export etcd_url='http://$ETCD_IP_ADDRESS:2379' wget https://raw.githubusercontent.com/apache/incubator-apisix/master/conf/config.yaml From 297bc8f4ba2dc9fc3a346762af14a8218d05b07a Mon Sep 17 00:00:00 2001 From: gxthrj Date: Mon, 27 Jul 2020 14:38:16 +0800 Subject: [PATCH 3/4] docs: modify by comment --- kubernetes/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/README.md b/kubernetes/README.md index 14c12a8cf79a..6014401b0819 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md 
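Review bot: In the config.sh hunk of this patch, `export etcd_url='http://$ETCD_IP_ADDRESS:2379'` is single-quoted, so `$ETCD_IP_ADDRESS` is never expanded and the later sed writes that literal text into the etcd address; it reads like an environment variable, so an operator who exports ETCD_IP_ADDRESS gets a config that points nowhere, with no error. Either keep an obviously fake placeholder or expand and validate the variable: `etcd_url="http://${ETCD_IP_ADDRESS:?set ETCD_IP_ADDRESS}:2379"`. The backtick `echo` in the sed line (outside this hunk) then becomes unnecessary, since `"s%http://[0-9.]*:2379%${etcd_url}%g"` does the same. The URL is plain `http://`; if the target etcd has TLS or authentication enabled, the README should say how to configure that instead of rewriting only the host. The script body continues outside this hunk.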
@@ -21,7 +21,7 @@ There are some yaml files for deploying apisix in Kubernetes. ### Prerequisites -- Install etcd , and set env `etcd_url` in `config.sh` +- use `etcd` , if there is no `etcd` service, please install and set env `etcd_url` in `config.sh` - Run `config.sh` to generate `apisix-gw-config-cm.yaml` from the latest `config.yaml` From d2f82278a25f3f749fccbab2572c2cb69d5b5e42 Mon Sep 17 00:00:00 2001 From: gxthrj Date: Wed, 29 Jul 2020 13:10:08 +0800 Subject: [PATCH 4/4] add apache header and EOL in kubernetes/deployment.yaml --- kubernetes/config.sh | 17 +++++++++++++++++ kubernetes/deployment.yaml | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/kubernetes/config.sh b/kubernetes/config.sh index 8283e6cabc51..689ce38f523c 100755 --- a/kubernetes/config.sh +++ b/kubernetes/config.sh @@ -1,4 +1,21 @@ #!/bin/sh +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + export etcd_url='http://$ETCD_IP_ADDRESS:2379' diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml index 2d4f886d8f98..4b03cb73b7f5 100644 --- a/kubernetes/deployment.yaml +++ b/kubernetes/deployment.yaml 
@@ -110,4 +110,4 @@ spec: - hostPath: path: /etc/localtime type: File - name: localtime \ No newline at end of file + name: localtime