doc(k8s): removed unnecessary configurations. #1891

Merged
merged 4 commits into from
Jul 31, 2020
19 changes: 11 additions & 8 deletions kubernetes/README.md
Expand Up @@ -21,7 +21,16 @@
There are some yaml files for deploying apisix in Kubernetes.

### Prerequisites
- Install etcd
- use `etcd` , if there is no `etcd` service, please install and set env `etcd_url` in `config.sh`

- Run `config.sh` to generate `apisix-gw-config-cm.yaml` from the latest `config.yaml`

```
# if config.sh have no permission to executethen, then execute `chmod +x config.sh`
# Generate apisix-gw-config-cm.yaml
# sh config.sh
```


#### when using etcd-operator
when using etcd-operator, you need to change apisix-gw-config-cm.yaml:
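Review bot: In the new fenced block under Prerequisites, the command is written as `# sh config.sh`, so it reads as a comment and a reader who copies the block runs nothing; write it as `$ sh config.sh` to match the `$ kubectl ...` blocks further down. The comment above it has a wording slip ("have no permission to executethen, then execute"), and because the script is invoked through `sh`, the `chmod +x` hint is not needed. The prerequisite bullet asks the reader to "set env `etcd_url` in `config.sh`", which in practice means editing the script; say so explicitly, or let the script read the address from the environment.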
Expand Down Expand Up @@ -56,7 +65,7 @@ or
$ kubectl create configmap apisix-gw-config.yaml --from-file=../conf/config.yaml
```

##### Note: you should modify etcd addr in config file `apisix-gw-config-cm.yaml` or `../conf/config.yaml` first
##### Note: you should check etcd addr in config file `apisix-gw-config-cm.yaml` or `../conf/config.yaml` first, make sure the etcd addresses are correct.

```
etcd:
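Review bot: The reworded note before the `etcd:` snippet still points at `../conf/config.yaml`, but the `kubectl create configmap ... --from-file=../conf/config.yaml` path shown just above it does not go through `config.sh`, so none of the script's etcd substitution applies there. State which of the two files the reader has to edit by hand in each path. The sentence is also a comma splice inside a `#####` heading; a plain paragraph ("Note: check the etcd address in ... and make sure it is correct") would render and read better.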
Expand All @@ -76,12 +85,6 @@ $ kubectl apply -f deployment.yaml
$ kubectl apply -f service.yaml
```

#### Create service for apache incubator-apisix (when using Aliyun SLB)

```
$ kubectl apply -f service-aliyun-slb.yaml
```

#### Scale apache incubator-apisix

```
131 changes: 1 addition & 130 deletions kubernetes/apisix-gw-config-cm.yaml
Expand Up @@ -18,136 +18,7 @@
apiVersion: v1
data:
config.yaml: |
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apisix:
node_listen: 9080 # APISIX listening port
enable_admin: true
enable_admin_cors: true # Admin API support CORS response headers.
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`

#proxy_protocol: # Proxy Protocol configuration
# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
# This port can only receive http request with proxy protocol, but node_listen & port_admin
# can only receive http request. If you enable proxy protocol, you must use this port to
# receive http request with proxy protocol
# listen_https_port: 9182 # The port with proxy protocol for https
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server

# allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
# - 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
# - "::/64"
# port_admin: 9180 # use a separate port

# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
-
name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
-
name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
router:
http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree)
# radixtree_host_uri: match route by host + uri(base on radixtree)
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
# stream_proxy: # TCP/UDP proxy
# tcp: # TCP proxy port list
# - 9100
# - 9101
# udp: # UDP proxy port list
# - 9200
# - 9211
dns_resolver: # default DNS resolver, with disable IPv6 and enable local DNS
- 114.114.114.114
- 223.5.5.5
- 1.1.1.1
- 8.8.8.8
dns_resolver_valid: 30 # valid time for dns result 30 seconds

ssl:
enable: true
enable_http2: true
listen_port: 9443
ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"

nginx_config: # config for render the template to genarate nginx.conf
error_log: "logs/error.log"
error_log_level: "warn" # warn,error
worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections
event:
worker_connections: 10620
http:
access_log: "logs/access.log"
keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores in client request header fields
real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'

etcd:
host: "http://127.0.0.1:2379" # etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 3 # 3 seconds

plugins: # plugin list
- example-plugin
- limit-req
- limit-count
- limit-conn
- key-auth
- basic-auth
- prometheus
- node-status
- jwt-auth
- zipkin
- ip-restriction
- grpc-transcode
- serverless-pre-function
- serverless-post-function
- openid-connect
- proxy-rewrite
- redirect
- response-rewrite
- fault-injection
- udp-logger
- wolf-rbac
- consumer-restriction

stream_plugins:
- mqtt-proxy

#CONFIG_YAML#
kind: ConfigMap
metadata:
name: apisix-gw-config.yaml
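Review bot: At the `#CONFIG_YAML#` placeholder under `config.yaml: |`, the content that `config.sh` splices in with `sed ... r config.yaml` is inserted verbatim, and the body of a block scalar has to be indented deeper than its key; unless the downloaded file is indented first, the generated manifest will not carry the config as the value of `config.yaml`. Indent the file in the script before the splice. The committed manifest also holds only the placeholder now, so it cannot be applied on its own; a header comment saying it is a template would help. The removed block carried the "Highly recommended to modify this value" warning next to `admin_key`; the README should carry that warning now, since the keys arrive from the download instead of being visible in this file.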
29 changes: 29 additions & 0 deletions kubernetes/config.sh
@@ -0,0 +1,29 @@
#!/bin/sh
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#


export etcd_url='http://$ETCD_IP_ADDRESS:2379'

wget https://raw.githubusercontent.com/apache/incubator-apisix/master/conf/config.yaml

sed -i -e ':a' -e 'N' -e '$!ba' -e "s/allow_admin[a-z: #\/._]*\n\( *- [0-9a-zA-Z: #\/._',]*\n*\)*//g" config.yaml

sed -i -e "s%http://[0-9.]*:2379%`echo $etcd_url`%g" config.yaml

sed -i -e '/#CONFIG_YAML#/{r config.yaml' -e 'd}' apisix-gw-config-cm.yaml
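Review bot: The first `sed` deletes the whole `allow_admin` list from the downloaded config, and the removed ConfigMap's own comment says that with no IP list "any IP access is allowed by default"; together with the stock `admin_key` values this leaves the Admin API reachable from any address with a key that is public in the repository. Keep an allow list (or rewrite it to the cluster's CIDR) and have the script or README require a new `admin_key`. Also: `etcd_url` is single-quoted, so `$ETCD_IP_ADDRESS` is written into the config literally instead of being expanded; `wget` pulls from `master` with no pinned revision and no failure check, so add `set -e` and put a tag or commit in the URL; and the last `sed` deletes the placeholder, so a second run changes nothing and the generated file can be committed over the template by mistake.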

52 changes: 0 additions & 52 deletions kubernetes/deployment.yaml
Expand Up @@ -32,13 +32,6 @@ spec:
labels:
app: apisix-gw
spec:
# tolerations:
# - key: "group"
# operator: "Equal"
# value: "prod"
# effect: "NoSchedule"
# nodeSelector:
# env: prod
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
Expand Down Expand Up @@ -95,16 +88,6 @@ spec:
- containerPort: 9443
name: https
protocol: TCP
# livenessProbe:
# failureThreshold: 3
# httpGet:
# path: /healthz
# port: 10254
# scheme: HTTP
# initialDelaySeconds: 10
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 1
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 10
Expand All @@ -113,42 +96,13 @@ spec:
tcpSocket:
port: 9080
timeoutSeconds: 1
lifecycle:
# For alpine based image
# https://k8s.imroc.io/troubleshooting/cases/dns-lookup-5s-delay
# postStart:
# exec:
# command:
# - /bin/sh
# - -c
# - "/bin/echo 'options single-request-reopen' >> /etc/resolv.conf"
preStop:
exec:
command:
- /bin/sh
- -c
- "sleep 30"
# cpu core(s), 1 == 1000m
resources:
limits:
cpu: '2'
requests:
cpu: '50m'

volumeMounts:
- mountPath: /usr/local/apisix/conf/config.yaml
name: apisix-config-yaml-configmap
subPath: config.yaml
- mountPath: /etc/localtime
name: localtime
readOnly: true
# - mountPath: /usr/local/apisix/conf/nginx.conf
# name: apisix-nginx-conf-configmap
# subPath: nginx.conf
# - mountPath: /usr/local/openresty/openssl/ssl/openssl.cnf
# name: apisix-openssl-cnf-configmap
# subPath: openssl.cnf

volumes:
- configMap:
name: apisix-gw-config.yaml
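Review bot: Going by the header (42 lines down to 13), this hunk deletes more than commented-out stubs: the active `lifecycle.preStop` (`sleep 30`) and the `resources` block (`limits.cpu: '2'`, `requests.cpu: '50m'`) go as well. Those are runtime changes, since the pod loses its drain delay on termination and its CPU request and limit, which is outside the scope of a doc cleanup. Keep both blocks, or call the removal out in the PR description with the reason.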
Expand All @@ -157,9 +111,3 @@ spec:
path: /etc/localtime
type: File
name: localtime
# - configMap:
# name: apisix-gw-nginx.conf
# name: apisix-nginx-conf-configmap
# - configMap:
# name: apisix-gw-openssl.cnf.conf
# name: apisix-openssl-cnf-configmap
78 changes: 0 additions & 78 deletions kubernetes/service-aliyun-slb.yaml

This file was deleted.