From 03e356609648f378c35ced5c9efbdd93589871b5 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 24 Apr 2024 19:20:27 +0200 Subject: [PATCH] [bitnami/apisix] Release 3.0.3 (#25355) * [bitnami/apisix] Release 3.0.3 updating components versions Signed-off-by: Bitnami Containers * Update CRDs source URL to use 'v{version}' instead of '{version}' Signed-off-by: Miguel Ruiz * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers * Update CRDs automatically Signed-off-by: Bitnami Containers * [bitnami/apisix] Use apisix.enable_http2 to enable HTTP/2 in APISIX Signed-off-by: David Gomez --------- Signed-off-by: Bitnami Containers Signed-off-by: Miguel Ruiz Signed-off-by: David Gomez Co-authored-by: Miguel Ruiz Co-authored-by: David Gomez Signed-off-by: Matheus Goncalves --- bitnami/apisix/Chart.lock | 8 +- bitnami/apisix/Chart.yaml | 12 +- bitnami/apisix/README.md | 754 +++++++++++++++--------------- bitnami/apisix/crds/crds.yaml | 8 +- bitnami/apisix/values.schema.json | 2 +- bitnami/apisix/values.yaml | 10 +- 6 files changed, 398 insertions(+), 396 deletions(-) diff --git a/bitnami/apisix/Chart.lock b/bitnami/apisix/Chart.lock index 0119e257f7a094..0791c29dd5f510 100644 --- a/bitnami/apisix/Chart.lock +++ b/bitnami/apisix/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: etcd repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.0 + version: 10.0.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.19.0 -digest: sha256:aa5c0524873119fec943b86247b95c1de9e51da689342e9bd5c771df1e5350e1 -generated: "2024-03-18T15:08:59.015072392+01:00" + version: 2.19.1 +digest: sha256:e3ea0709d9e53990c120e484396f2549bec37068141416ed7f43974748dfba2f +generated: "2024-04-24T10:27:22.977404865Z" diff --git a/bitnami/apisix/Chart.yaml b/bitnami/apisix/Chart.yaml index a03e34206dd35d..bd48e7f243d168 100644 --- a/bitnami/apisix/Chart.yaml +++ b/bitnami/apisix/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: apisix - image: docker.io/bitnami/apisix:3.8.0-debian-12-r7 + image: docker.io/bitnami/apisix:3.9.1-debian-12-r0 - name: apisix-dashboard - image: docker.io/bitnami/apisix-dashboard:3.0.1-debian-12-r21 + image: docker.io/bitnami/apisix-dashboard:3.0.1-debian-12-r28 - name: apisix-ingress-controller - image: docker.io/bitnami/apisix-ingress-controller:1.8.0-debian-12-r11 + image: docker.io/bitnami/apisix-ingress-controller:1.8.1-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:12-debian-12-r15 + image: docker.io/bitnami/os-shell:12-debian-12-r19 apiVersion: v2 -appVersion: 3.8.0 +appVersion: 3.9.1 dependencies: - name: etcd repository: oci://registry-1.docker.io/bitnamicharts @@ -45,4 +45,4 @@ sources: - https://github.com/bitnami/charts/tree/main/bitnami/apisix - https://github.com/bitnami/charts/tree/main/bitnami/apisix-dashboard - https://github.com/bitnami/charts/tree/main/bitnami/apisix-ingress-controller -version: 3.0.2 +version: 3.0.3 diff --git a/bitnami/apisix/README.md b/bitnami/apisix/README.md index e4e09a726603ce..209e3599bd4cc4 100644 --- a/bitnami/apisix/README.md +++ b/bitnami/apisix/README.md @@ -278,97 +278,97 @@ As an alternative, use one of the preset configurations for pod affinity, pod an ### APISIX Data Plane parameters -| Name | Description | Value | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | -| `dataPlane.enabled` | Enable APISIX | `true` | -| `dataPlane.useDaemonSet` | Deploy as DaemonSet | `false` | -| `dataPlane.replicaCount` | Number of APISIX replicas to deploy | `1` | -| `dataPlane.hostNetwork` | Use hostNetwork | `false` | -| `dataPlane.containerPorts.http` | APISIX HTTP container port | `9080` | -| `dataPlane.containerPorts.https` | APISIX HTTPS container port | `9443` | -| `dataPlane.containerPorts.control` | APISIX control container port | `9090` | -| `dataPlane.containerPorts.metrics` | APISIX metrics container port | `9099` | -| `dataPlane.livenessProbe.enabled` | Enable livenessProbe on APISIX containers | `true` | -| `dataPlane.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `dataPlane.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `dataPlane.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `dataPlane.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `dataPlane.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dataPlane.readinessProbe.enabled` | Enable readinessProbe on APISIX containers | `true` | -| `dataPlane.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `dataPlane.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `dataPlane.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `dataPlane.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `dataPlane.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `dataPlane.startupProbe.enabled` | Enable startupProbe on APISIX containers | `false` | -| `dataPlane.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `dataPlane.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `dataPlane.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `dataPlane.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `dataPlane.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `dataPlane.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `dataPlane.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `dataPlane.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `dataPlane.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if dataPlane.resources is set (dataPlane.resources is recommended for production). | `nano` | -| `dataPlane.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `dataPlane.podSecurityContext.enabled` | Enabled APISIX pods' Security Context | `true` | -| `dataPlane.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `dataPlane.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `dataPlane.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `dataPlane.podSecurityContext.fsGroup` | Set APISIX pod's Security Context fsGroup | `1001` | -| `dataPlane.containerSecurityContext.enabled` | Enabled APISIX containers' Security Context | `true` | -| `dataPlane.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `dataPlane.containerSecurityContext.runAsUser` | Set APISIX containers' Security Context runAsUser | `1001` | -| `dataPlane.containerSecurityContext.runAsGroup` | Set APISIX containers' Security Context runAsGroup | `1001` | -| `dataPlane.containerSecurityContext.runAsNonRoot` | Set APISIX containers' Security Context runAsNonRoot | `true` | -| `dataPlane.containerSecurityContext.privileged` | Set APISIX containers' Security Context privileged | `false` | -| `dataPlane.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX containers' Security Context runAsNonRoot | `true` | -| `dataPlane.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX container's privilege escalation | `false` | -| `dataPlane.containerSecurityContext.capabilities.drop` | Set APISIX container's Security Context runAsNonRoot | `["ALL"]` | -| `dataPlane.containerSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` | -| `dataPlane.command` | Override default container command (useful when using custom images) | `[]` | -| `dataPlane.args` | Override default container args (useful when using custom images) | `[]` | -| `dataPlane.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `dataPlane.hostAliases` | APISIX pods host aliases | `[]` | -| `dataPlane.defaultConfig` | Apisix apisix configuration (evaluated as a template) | `""` | -| `dataPlane.extraConfig` | extra configuration parameters to add to the config.yaml file in APISIX Data plane | `{}` | -| `dataPlane.existingConfigMap` | name of a ConfigMap with existing configuration for the apisix | `""` | -| `dataPlane.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the data plane | `""` | -| `dataPlane.tls.enabled` | Enable TLS transport in Data Plane | `true` | -| `dataPlane.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | -| `dataPlane.tls.existingSecret` | Name of a secret containing the certificates | `""` | -| `dataPlane.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | -| `dataPlane.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | -| `dataPlane.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | -| `dataPlane.tls.cert` | Content of the certificate to be added to the secret | `""` | -| `dataPlane.tls.key` | Content of the certificate key to be added to the secret | `""` | -| `dataPlane.tls.ca` | Content of the certificate CA to be added to the secret | `""` | -| `dataPlane.podLabels` | Extra labels for APISIX pods | `{}` | -| `dataPlane.podAnnotations` | Annotations for APISIX pods | `{}` | -| `dataPlane.podAffinityPreset` | Pod affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataPlane.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dataPlane.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `dataPlane.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `dataPlane.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `dataPlane.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataPlane.nodeAffinityPreset.key` | Node label key to match. Ignored if `apisix.affinity` is set | `""` | -| `dataPlane.nodeAffinityPreset.values` | Node label values to match. Ignored if `apisix.affinity` is set | `[]` | -| `dataPlane.affinity` | Affinity for APISIX pods assignment | `{}` | -| `dataPlane.nodeSelector` | Node labels for APISIX pods assignment | `{}` | -| `dataPlane.tolerations` | Tolerations for APISIX pods assignment | `[]` | -| `dataPlane.updateStrategy.type` | APISIX statefulset strategy type | `RollingUpdate` | -| `dataPlane.priorityClassName` | APISIX pods' priorityClassName | `""` | -| `dataPlane.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `dataPlane.schedulerName` | Name of the k8s scheduler (other than default) for APISIX pods | `""` | -| `dataPlane.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | -| `dataPlane.lifecycleHooks` | for the APISIX container(s) to automate configuration before or after startup | `{}` | -| `dataPlane.extraEnvVars` | Array with extra environment variables to add to APISIX nodes | `[]` | -| `dataPlane.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for APISIX nodes | `""` | -| `dataPlane.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for APISIX nodes | `""` | -| `dataPlane.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX pod(s) | `[]` | -| `dataPlane.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX container(s) | `[]` | -| `dataPlane.sidecars` | Add additional sidecar containers to the APISIX pod(s) | `[]` | -| `dataPlane.initContainers` | Add additional init containers to the APISIX pod(s) | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `dataPlane.enabled` | Enable APISIX | `true` | +| `dataPlane.useDaemonSet` | Deploy as DaemonSet | `false` | +| `dataPlane.replicaCount` | Number of APISIX replicas to deploy | `1` | +| `dataPlane.hostNetwork` | Use hostNetwork | `false` | +| `dataPlane.containerPorts.http` | APISIX HTTP container port | `9080` | +| `dataPlane.containerPorts.https` | APISIX HTTPS container port | `9443` | +| `dataPlane.containerPorts.control` | APISIX control container port | `9090` | +| `dataPlane.containerPorts.metrics` | APISIX metrics container port | `9099` | +| `dataPlane.livenessProbe.enabled` | Enable livenessProbe on APISIX containers | `true` | +| `dataPlane.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `dataPlane.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `dataPlane.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `dataPlane.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `dataPlane.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `dataPlane.readinessProbe.enabled` | Enable readinessProbe on APISIX containers | `true` | +| `dataPlane.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `dataPlane.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `dataPlane.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `dataPlane.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `dataPlane.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `dataPlane.startupProbe.enabled` | Enable startupProbe on APISIX containers | `false` | +| `dataPlane.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `dataPlane.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `dataPlane.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `dataPlane.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `dataPlane.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `dataPlane.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `dataPlane.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `dataPlane.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `dataPlane.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dataPlane.resources is set (dataPlane.resources is recommended for production). | `nano` | +| `dataPlane.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `dataPlane.podSecurityContext.enabled` | Enabled APISIX pods' Security Context | `true` | +| `dataPlane.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `dataPlane.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `dataPlane.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `dataPlane.podSecurityContext.fsGroup` | Set APISIX pod's Security Context fsGroup | `1001` | +| `dataPlane.containerSecurityContext.enabled` | Enabled APISIX containers' Security Context | `true` | +| `dataPlane.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `dataPlane.containerSecurityContext.runAsUser` | Set APISIX containers' Security Context runAsUser | `1001` | +| `dataPlane.containerSecurityContext.runAsGroup` | Set APISIX containers' Security Context runAsGroup | `1001` | +| `dataPlane.containerSecurityContext.runAsNonRoot` | Set APISIX containers' Security Context runAsNonRoot | `true` | +| `dataPlane.containerSecurityContext.privileged` | Set APISIX containers' Security Context privileged | `false` | +| `dataPlane.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX containers' Security Context runAsNonRoot | `true` | +| `dataPlane.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX container's privilege escalation | `false` | +| `dataPlane.containerSecurityContext.capabilities.drop` | Set APISIX container's Security Context runAsNonRoot | `["ALL"]` | +| `dataPlane.containerSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` | +| `dataPlane.command` | Override default container command (useful when using custom images) | `[]` | +| `dataPlane.args` | Override default container args (useful when using custom images) | `[]` | +| `dataPlane.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `dataPlane.hostAliases` | APISIX pods host aliases | `[]` | +| `dataPlane.defaultConfig` | Apisix apisix configuration (evaluated as a template) | `""` | +| `dataPlane.extraConfig` | extra configuration parameters to add to the config.yaml file in APISIX Data plane | `{}` | +| `dataPlane.existingConfigMap` | name of a ConfigMap with existing configuration for the apisix | `""` | +| `dataPlane.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the data plane | `""` | +| `dataPlane.tls.enabled` | Enable TLS transport in Data Plane | `true` | +| `dataPlane.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | +| `dataPlane.tls.existingSecret` | Name of a secret containing the certificates | `""` | +| `dataPlane.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | +| `dataPlane.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | +| `dataPlane.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | +| `dataPlane.tls.cert` | Content of the certificate to be added to the secret | `""` | +| `dataPlane.tls.key` | Content of the certificate key to be added to the secret | `""` | +| `dataPlane.tls.ca` | Content of the certificate CA to be added to the secret | `""` | +| `dataPlane.podLabels` | Extra labels for APISIX pods | `{}` | +| `dataPlane.podAnnotations` | Annotations for APISIX pods | `{}` | +| `dataPlane.podAffinityPreset` | Pod affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dataPlane.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `dataPlane.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `dataPlane.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `dataPlane.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `dataPlane.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dataPlane.nodeAffinityPreset.key` | Node label key to match. Ignored if `apisix.affinity` is set | `""` | +| `dataPlane.nodeAffinityPreset.values` | Node label values to match. Ignored if `apisix.affinity` is set | `[]` | +| `dataPlane.affinity` | Affinity for APISIX pods assignment | `{}` | +| `dataPlane.nodeSelector` | Node labels for APISIX pods assignment | `{}` | +| `dataPlane.tolerations` | Tolerations for APISIX pods assignment | `[]` | +| `dataPlane.updateStrategy.type` | APISIX statefulset strategy type | `RollingUpdate` | +| `dataPlane.priorityClassName` | APISIX pods' priorityClassName | `""` | +| `dataPlane.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `dataPlane.schedulerName` | Name of the k8s scheduler (other than default) for APISIX pods | `""` | +| `dataPlane.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `dataPlane.lifecycleHooks` | for the APISIX container(s) to automate configuration before or after startup | `{}` | +| `dataPlane.extraEnvVars` | Array with extra environment variables to add to APISIX nodes | `[]` | +| `dataPlane.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for APISIX nodes | `""` | +| `dataPlane.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for APISIX nodes | `""` | +| `dataPlane.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX pod(s) | `[]` | +| `dataPlane.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX container(s) | `[]` | +| `dataPlane.sidecars` | Add additional sidecar containers to the APISIX pod(s) | `[]` | +| `dataPlane.initContainers` | Add additional init containers to the APISIX pod(s) | `[]` | ### APISIX Data Plane Traffic Exposure Parameters @@ -459,102 +459,102 @@ As an alternative, use one of the preset configurations for pod affinity, pod an ### APISIX Control Plane Parameters -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | -| `controlPlane.enabled` | Enable APISIX | `true` | -| `controlPlane.replicaCount` | Number of APISIX replicas to deploy | `1` | -| `controlPlane.hostNetwork` | Use hostNetwork | `false` | -| `controlPlane.useDaemonSet` | Deploy as DaemonSet | `false` | -| `controlPlane.containerPorts.adminAPI` | APISIX Admin API port | `9180` | -| `controlPlane.containerPorts.configServer` | APISIX config port | `9280` | -| `controlPlane.containerPorts.control` | APISIX control port | `9090` | -| `controlPlane.containerPorts.metrics` | APISIX metrics port | `9099` | -| `controlPlane.livenessProbe.enabled` | Enable livenessProbe on APISIX containers | `true` | -| `controlPlane.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `controlPlane.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `controlPlane.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `controlPlane.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `controlPlane.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `controlPlane.readinessProbe.enabled` | Enable readinessProbe on APISIX containers | `true` | -| `controlPlane.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `controlPlane.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `controlPlane.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `controlPlane.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `controlPlane.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `controlPlane.startupProbe.enabled` | Enable startupProbe on APISIX containers | `false` | -| `controlPlane.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `controlPlane.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `controlPlane.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `controlPlane.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `controlPlane.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `controlPlane.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `controlPlane.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `controlPlane.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `controlPlane.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if controlPlane.resources is set (controlPlane.resources is recommended for production). | `nano` | -| `controlPlane.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `controlPlane.podSecurityContext.enabled` | Enabled APISIX pods' Security Context | `true` | -| `controlPlane.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `controlPlane.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `controlPlane.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `controlPlane.podSecurityContext.fsGroup` | Set APISIX pod's Security Context fsGroup | `1001` | -| `controlPlane.containerSecurityContext.enabled` | Enabled APISIX containers' Security Context | `true` | -| `controlPlane.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `controlPlane.containerSecurityContext.runAsUser` | Set APISIX containers' Security Context runAsUser | `1001` | -| `controlPlane.containerSecurityContext.runAsGroup` | Set APISIX containers' Security Context runAsGroup | `1001` | -| `controlPlane.containerSecurityContext.runAsNonRoot` | Set APISIX containers' Security Context runAsNonRoot | `true` | -| `controlPlane.containerSecurityContext.privileged` | Set APISIX containers' Security Context privileged | `false` | -| `controlPlane.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX containers' Security Context runAsNonRoot | `true` | -| `controlPlane.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX container's privilege escalation | `false` | -| `controlPlane.containerSecurityContext.capabilities.drop` | Set APISIX container's Security Context runAsNonRoot | `["ALL"]` | -| `controlPlane.containerSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` | -| `controlPlane.command` | Override default container command (useful when using custom images) | `[]` | -| `controlPlane.args` | Override default container args (useful when using custom images) | `[]` | -| `controlPlane.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `controlPlane.hostAliases` | APISIX pods host aliases | `[]` | -| `controlPlane.apiTokenAdmin` | Admin API Token for APISIX control plane | `""` | -| `controlPlane.apiTokenViewer` | Viewer API Token for APISIX control plane | `""` | -| `controlPlane.existingSecret` | Name of a secret containing API Tokens for APISIX control plane | `""` | -| `controlPlane.existingSecretAdminTokenKey` | Key inside the secret containing the Admin API Tokens for APISIX control plane | `""` | -| `controlPlane.existingSecretViewerTokenKey` | Key inside the secret containing the Viewer API Tokens for APISIX control plane | `""` | -| `controlPlane.defaultConfig` | Apisix apisix configuration (evaluated as a template) | `""` | -| `controlPlane.extraConfig` | extra configuration parameters to add to the config.yaml file in APISIX Control plane | `{}` | -| `controlPlane.existingConfigMap` | name of a ConfigMap with existing configuration for the apisix | `""` | -| `controlPlane.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the conrol plane | `""` | -| `controlPlane.tls.enabled` | Enable TLS transport in Control Plane | `true` | -| `controlPlane.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | -| `controlPlane.tls.existingSecret` | Name of a secret containing the certificates | `""` | -| `controlPlane.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | -| `controlPlane.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | -| `controlPlane.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | -| `controlPlane.tls.cert` | Content of the certificate to be added to the secret | `""` | -| `controlPlane.tls.key` | Content of the certificate key to be added to the secret | `""` | -| `controlPlane.tls.ca` | Content of the certificate CA to be added to the secret | `""` | -| `controlPlane.podLabels` | Extra labels for APISIX pods | `{}` | -| `controlPlane.podAnnotations` | Annotations for APISIX pods | `{}` | -| `controlPlane.podAffinityPreset` | Pod affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `controlPlane.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `controlPlane.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `controlPlane.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `controlPlane.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `controlPlane.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `controlPlane.nodeAffinityPreset.key` | Node label key to match. Ignored if `apisix.affinity` is set | `""` | -| `controlPlane.nodeAffinityPreset.values` | Node label values to match. Ignored if `apisix.affinity` is set | `[]` | -| `controlPlane.affinity` | Affinity for APISIX pods assignment | `{}` | -| `controlPlane.nodeSelector` | Node labels for APISIX pods assignment | `{}` | -| `controlPlane.tolerations` | Tolerations for APISIX pods assignment | `[]` | -| `controlPlane.updateStrategy.type` | APISIX statefulset strategy type | `RollingUpdate` | -| `controlPlane.priorityClassName` | APISIX pods' priorityClassName | `""` | -| `controlPlane.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `controlPlane.schedulerName` | Name of the k8s scheduler (other than default) for APISIX pods | `""` | -| `controlPlane.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | -| `controlPlane.lifecycleHooks` | for the APISIX container(s) to automate configuration before or after startup | `{}` | -| `controlPlane.extraEnvVars` | Array with extra environment variables to add to APISIX nodes | `[]` | -| `controlPlane.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for APISIX nodes | `""` | -| `controlPlane.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for APISIX nodes | `""` | -| `controlPlane.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX pod(s) | `[]` | -| `controlPlane.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX container(s) | `[]` | -| `controlPlane.sidecars` | Add additional sidecar containers to the APISIX pod(s) | `[]` | -| `controlPlane.initContainers` | Add additional init containers to the APISIX pod(s) | `[]` | +| Name | Description | Value | +| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `controlPlane.enabled` | Enable APISIX | `true` | +| `controlPlane.replicaCount` | Number of APISIX replicas to deploy | `1` | +| `controlPlane.hostNetwork` | Use hostNetwork | `false` | +| `controlPlane.useDaemonSet` | Deploy as DaemonSet | `false` | +| `controlPlane.containerPorts.adminAPI` | APISIX Admin API port | `9180` | +| `controlPlane.containerPorts.configServer` | APISIX config port | `9280` | +| `controlPlane.containerPorts.control` | APISIX control port | `9090` | +| `controlPlane.containerPorts.metrics` | APISIX metrics port | `9099` | +| `controlPlane.livenessProbe.enabled` | Enable livenessProbe on APISIX containers | `true` | +| `controlPlane.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `controlPlane.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `controlPlane.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `controlPlane.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `controlPlane.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `controlPlane.readinessProbe.enabled` | Enable readinessProbe on APISIX containers | `true` | +| `controlPlane.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `controlPlane.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `controlPlane.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `controlPlane.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `controlPlane.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `controlPlane.startupProbe.enabled` | Enable startupProbe on APISIX containers | `false` | +| `controlPlane.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `controlPlane.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `controlPlane.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `controlPlane.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `controlPlane.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `controlPlane.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `controlPlane.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `controlPlane.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `controlPlane.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controlPlane.resources is set (controlPlane.resources is recommended for production). | `nano` | +| `controlPlane.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `controlPlane.podSecurityContext.enabled` | Enabled APISIX pods' Security Context | `true` | +| `controlPlane.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `controlPlane.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `controlPlane.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `controlPlane.podSecurityContext.fsGroup` | Set APISIX pod's Security Context fsGroup | `1001` | +| `controlPlane.containerSecurityContext.enabled` | Enabled APISIX containers' Security Context | `true` | +| `controlPlane.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `controlPlane.containerSecurityContext.runAsUser` | Set APISIX containers' Security Context runAsUser | `1001` | +| `controlPlane.containerSecurityContext.runAsGroup` | Set APISIX containers' Security Context runAsGroup | `1001` | +| `controlPlane.containerSecurityContext.runAsNonRoot` | Set APISIX containers' Security Context runAsNonRoot | `true` | +| `controlPlane.containerSecurityContext.privileged` | Set APISIX containers' Security Context privileged | `false` | +| `controlPlane.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX containers' Security Context runAsNonRoot | `true` | +| `controlPlane.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX container's privilege escalation | `false` | +| `controlPlane.containerSecurityContext.capabilities.drop` | Set APISIX container's Security Context runAsNonRoot | `["ALL"]` | +| `controlPlane.containerSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` | +| `controlPlane.command` | Override default container command (useful when using custom images) | `[]` | +| `controlPlane.args` | Override default container args (useful when using custom images) | `[]` | +| `controlPlane.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `controlPlane.hostAliases` | APISIX pods host aliases | `[]` | +| `controlPlane.apiTokenAdmin` | Admin API Token for APISIX control plane | `""` | +| `controlPlane.apiTokenViewer` | Viewer API Token for APISIX control plane | `""` | +| `controlPlane.existingSecret` | Name of a secret containing API Tokens for APISIX control plane | `""` | +| `controlPlane.existingSecretAdminTokenKey` | Key inside the secret containing the Admin API Tokens for APISIX control plane | `""` | +| `controlPlane.existingSecretViewerTokenKey` | Key inside the secret containing the Viewer API Tokens for APISIX control plane | `""` | +| `controlPlane.defaultConfig` | Apisix apisix configuration (evaluated as a template) | `""` | +| `controlPlane.extraConfig` | extra configuration parameters to add to the config.yaml file in APISIX Control plane | `{}` | +| `controlPlane.existingConfigMap` | name of a ConfigMap with existing configuration for the apisix | `""` | +| `controlPlane.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the conrol plane | `""` | +| `controlPlane.tls.enabled` | Enable TLS transport in Control Plane | `true` | +| `controlPlane.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | +| `controlPlane.tls.existingSecret` | Name of a secret containing the certificates | `""` | +| `controlPlane.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | +| `controlPlane.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | +| `controlPlane.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | +| `controlPlane.tls.cert` | Content of the certificate to be added to the secret | `""` | +| `controlPlane.tls.key` | Content of the certificate key to be added to the secret | `""` | +| `controlPlane.tls.ca` | Content of the certificate CA to be added to the secret | `""` | +| `controlPlane.podLabels` | Extra labels for APISIX pods | `{}` | +| `controlPlane.podAnnotations` | Annotations for APISIX pods | `{}` | +| `controlPlane.podAffinityPreset` | Pod affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `controlPlane.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `controlPlane.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `controlPlane.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `controlPlane.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `controlPlane.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `apisix.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `controlPlane.nodeAffinityPreset.key` | Node label key to match. Ignored if `apisix.affinity` is set | `""` | +| `controlPlane.nodeAffinityPreset.values` | Node label values to match. Ignored if `apisix.affinity` is set | `[]` | +| `controlPlane.affinity` | Affinity for APISIX pods assignment | `{}` | +| `controlPlane.nodeSelector` | Node labels for APISIX pods assignment | `{}` | +| `controlPlane.tolerations` | Tolerations for APISIX pods assignment | `[]` | +| `controlPlane.updateStrategy.type` | APISIX statefulset strategy type | `RollingUpdate` | +| `controlPlane.priorityClassName` | APISIX pods' priorityClassName | `""` | +| `controlPlane.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `controlPlane.schedulerName` | Name of the k8s scheduler (other than default) for APISIX pods | `""` | +| `controlPlane.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `controlPlane.lifecycleHooks` | for the APISIX container(s) to automate configuration before or after startup | `{}` | +| `controlPlane.extraEnvVars` | Array with extra environment variables to add to APISIX nodes | `[]` | +| `controlPlane.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for APISIX nodes | `""` | +| `controlPlane.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for APISIX nodes | `""` | +| `controlPlane.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX pod(s) | `[]` | +| `controlPlane.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX container(s) | `[]` | +| `controlPlane.sidecars` | Add additional sidecar containers to the APISIX pod(s) | `[]` | +| `controlPlane.initContainers` | Add additional init containers to the APISIX pod(s) | `[]` | ### APISIX Control Plane Traffic Exposure Parameters @@ -645,103 +645,103 @@ As an alternative, use one of the preset configurations for pod affinity, pod an ### APISIX Dashboard Parameters -| Name | Description | Value | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------- | -| `dashboard.enabled` | Enable APISIX Dashboard | `true` | -| `dashboard.replicaCount` | Number of APISIX Dashboard replicas to deploy | `1` | -| `dashboard.image.registry` | APISIX Dashboard image registry | `REGISTRY_NAME` | -| `dashboard.image.repository` | APISIX Dashboard image repository | `REPOSITORY_NAME/apisix-dashboard` | -| `dashboard.image.digest` | APISIX Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | -| `dashboard.image.pullPolicy` | APISIX Dashboard image pull policy | `IfNotPresent` | -| `dashboard.image.pullSecrets` | APISIX Dashboard image pull secrets | `[]` | -| `dashboard.image.debug` | Enable APISIX Dashboard image debug mode | `false` | -| `dashboard.username` | APISIX Dashboard username | `user` | -| `dashboard.password` | APISIX Dashboard password | `""` | -| `dashboard.existingSecret` | Name of a existing secret containing the password for APISIX Dashboard | `""` | -| `dashboard.existingSecretPasswordKey` | Key inside the secret containing the password for APISIX Dashboard | `""` | -| `dashboard.defaultConfig` | APISIX Dashboard configuration (evaluated as a template) | `""` | -| `dashboard.extraConfig` | extra configuration settings for APISIX Dashboard | `{}` | -| `dashboard.existingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | -| `dashboard.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | -| `dashboard.tls.enabled` | Enable TLS transport in Dashboard | `true` | -| `dashboard.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | -| `dashboard.tls.existingSecret` | Name of a secret containing the certificates | `""` | -| `dashboard.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | -| `dashboard.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | -| `dashboard.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | -| `dashboard.tls.cert` | Content of the certificate to be added to the secret | `""` | -| `dashboard.tls.key` | Content of the certificate key to be added to the secret | `""` | -| `dashboard.tls.ca` | Content of the certificate CA to be added to the secret | `""` | -| `dashboard.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `dashboard.hostAliases` | APISIX Dashboard pods host aliases | `[]` | -| `dashboard.podLabels` | Extra labels for APISIX Dashboard pods | `{}` | -| `dashboard.podAnnotations` | Annotations for APISIX Dashboard pods | `{}` | -| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `dashboard.affinity` is set | `""` | -| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `dashboard.affinity` is set | `[]` | -| `dashboard.affinity` | Affinity for APISIX Dashboard pods assignment | `{}` | -| `dashboard.nodeSelector` | Node labels for APISIX Dashboard pods assignment | `{}` | -| `dashboard.tolerations` | Tolerations for APISIX Dashboard pods assignment | `[]` | -| `dashboard.updateStrategy.type` | APISIX Dashboard statefulset strategy type | `RollingUpdate` | -| `dashboard.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `dashboard.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `dashboard.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `dashboard.priorityClassName` | APISIX Dashboard pods' priorityClassName | `""` | -| `dashboard.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `dashboard.schedulerName` | Name of the k8s scheduler (other than default) for APISIX Dashboard pods | `""` | -| `dashboard.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | -| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX Dashboard pod(s) | `[]` | -| `dashboard.sidecars` | Add additional sidecar containers to the APISIX Dashboard pod(s) | `[]` | -| `dashboard.initContainers` | Add additional init containers to the APISIX Dashboard pod(s) | `[]` | -| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | -| `dashboard.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `dashboard.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `dashboard.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | -| `dashboard.containerPorts.http` | Dashboard http container port | `8080` | -| `dashboard.containerPorts.https` | Dashboard https container port | `8443` | -| `dashboard.livenessProbe.enabled` | Enable livenessProbe on Dashboard container | `true` | -| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dashboard.readinessProbe.enabled` | Enable readinessProbe on Dashboard container | `true` | -| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `dashboard.startupProbe.enabled` | Enable startupProbe on Dashboard container | `false` | -| `dashboard.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `dashboard.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `dashboard.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `dashboard.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `dashboard.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `dashboard.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `dashboard.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production). | `nano` | -| `dashboard.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard container' Security Context | `true` | -| `dashboard.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container' Security Context runAsUser | `1001` | -| `dashboard.containerSecurityContext.runAsGroup` | Set Dashboard container' Security Context runAsGroup | `1001` | -| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container' Security Context runAsNonRoot | `true` | -| `dashboard.containerSecurityContext.privileged` | Set Dashboard container' Security Context privileged | `false` | -| `dashboard.containerSecurityContext.readOnlyRootFilesystem` | Set Dashboard container' Security Context runAsNonRoot | `true` | -| `dashboard.containerSecurityContext.allowPrivilegeEscalation` | Set Dashboard container's privilege escalation | `false` | -| `dashboard.containerSecurityContext.capabilities.drop` | Set Dashboard container's Security Context runAsNonRoot | `["ALL"]` | -| `dashboard.containerSecurityContext.seccompProfile.type` | Set Dashboard container's Security Context seccomp profile | `RuntimeDefault` | -| `dashboard.command` | Override default container command (useful when using custom images) | `[]` | -| `dashboard.args` | Override default container args (useful when using custom images) | `[]` | -| `dashboard.lifecycleHooks` | for the Dashboard container(s) to automate configuration before or after startup | `{}` | -| `dashboard.extraEnvVars` | Array with extra environment variables to add to Dashboard nodes | `[]` | -| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Dashboard nodes | `""` | -| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Dashboard nodes | `""` | -| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX Dashboard container | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | +| `dashboard.enabled` | Enable APISIX Dashboard | `true` | +| `dashboard.replicaCount` | Number of APISIX Dashboard replicas to deploy | `1` | +| `dashboard.image.registry` | APISIX Dashboard image registry | `REGISTRY_NAME` | +| `dashboard.image.repository` | APISIX Dashboard image repository | `REPOSITORY_NAME/apisix-dashboard` | +| `dashboard.image.digest` | APISIX Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `dashboard.image.pullPolicy` | APISIX Dashboard image pull policy | `IfNotPresent` | +| `dashboard.image.pullSecrets` | APISIX Dashboard image pull secrets | `[]` | +| `dashboard.image.debug` | Enable APISIX Dashboard image debug mode | `false` | +| `dashboard.username` | APISIX Dashboard username | `user` | +| `dashboard.password` | APISIX Dashboard password | `""` | +| `dashboard.existingSecret` | Name of a existing secret containing the password for APISIX Dashboard | `""` | +| `dashboard.existingSecretPasswordKey` | Key inside the secret containing the password for APISIX Dashboard | `""` | +| `dashboard.defaultConfig` | APISIX Dashboard configuration (evaluated as a template) | `""` | +| `dashboard.extraConfig` | extra configuration settings for APISIX Dashboard | `{}` | +| `dashboard.existingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | +| `dashboard.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | +| `dashboard.tls.enabled` | Enable TLS transport in Dashboard | `true` | +| `dashboard.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | +| `dashboard.tls.existingSecret` | Name of a secret containing the certificates | `""` | +| `dashboard.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | +| `dashboard.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | +| `dashboard.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | +| `dashboard.tls.cert` | Content of the certificate to be added to the secret | `""` | +| `dashboard.tls.key` | Content of the certificate key to be added to the secret | `""` | +| `dashboard.tls.ca` | Content of the certificate CA to be added to the secret | `""` | +| `dashboard.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `dashboard.hostAliases` | APISIX Dashboard pods host aliases | `[]` | +| `dashboard.podLabels` | Extra labels for APISIX Dashboard pods | `{}` | +| `dashboard.podAnnotations` | Annotations for APISIX Dashboard pods | `{}` | +| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `dashboard.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `dashboard.affinity` is set | `""` | +| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `dashboard.affinity` is set | `[]` | +| `dashboard.affinity` | Affinity for APISIX Dashboard pods assignment | `{}` | +| `dashboard.nodeSelector` | Node labels for APISIX Dashboard pods assignment | `{}` | +| `dashboard.tolerations` | Tolerations for APISIX Dashboard pods assignment | `[]` | +| `dashboard.updateStrategy.type` | APISIX Dashboard statefulset strategy type | `RollingUpdate` | +| `dashboard.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `dashboard.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `dashboard.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `dashboard.priorityClassName` | APISIX Dashboard pods' priorityClassName | `""` | +| `dashboard.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `dashboard.schedulerName` | Name of the k8s scheduler (other than default) for APISIX Dashboard pods | `""` | +| `dashboard.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX Dashboard pod(s) | `[]` | +| `dashboard.sidecars` | Add additional sidecar containers to the APISIX Dashboard pod(s) | `[]` | +| `dashboard.initContainers` | Add additional init containers to the APISIX Dashboard pod(s) | `[]` | +| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | +| `dashboard.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `dashboard.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `dashboard.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | +| `dashboard.containerPorts.http` | Dashboard http container port | `8080` | +| `dashboard.containerPorts.https` | Dashboard https container port | `8443` | +| `dashboard.livenessProbe.enabled` | Enable livenessProbe on Dashboard container | `true` | +| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `dashboard.readinessProbe.enabled` | Enable readinessProbe on Dashboard container | `true` | +| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `dashboard.startupProbe.enabled` | Enable startupProbe on Dashboard container | `false` | +| `dashboard.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `dashboard.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `dashboard.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `dashboard.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `dashboard.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `dashboard.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `dashboard.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production). | `nano` | +| `dashboard.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard container' Security Context | `true` | +| `dashboard.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container' Security Context runAsUser | `1001` | +| `dashboard.containerSecurityContext.runAsGroup` | Set Dashboard container' Security Context runAsGroup | `1001` | +| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container' Security Context runAsNonRoot | `true` | +| `dashboard.containerSecurityContext.privileged` | Set Dashboard container' Security Context privileged | `false` | +| `dashboard.containerSecurityContext.readOnlyRootFilesystem` | Set Dashboard container' Security Context runAsNonRoot | `true` | +| `dashboard.containerSecurityContext.allowPrivilegeEscalation` | Set Dashboard container's privilege escalation | `false` | +| `dashboard.containerSecurityContext.capabilities.drop` | Set Dashboard container's Security Context runAsNonRoot | `["ALL"]` | +| `dashboard.containerSecurityContext.seccompProfile.type` | Set Dashboard container's Security Context seccomp profile | `RuntimeDefault` | +| `dashboard.command` | Override default container command (useful when using custom images) | `[]` | +| `dashboard.args` | Override default container args (useful when using custom images) | `[]` | +| `dashboard.lifecycleHooks` | for the Dashboard container(s) to automate configuration before or after startup | `{}` | +| `dashboard.extraEnvVars` | Array with extra environment variables to add to Dashboard nodes | `[]` | +| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Dashboard nodes | `""` | +| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Dashboard nodes | `""` | +| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX Dashboard container | `[]` | ### APISIX Dashboard Traffic Exposure Parameters @@ -809,99 +809,99 @@ As an alternative, use one of the preset configurations for pod affinity, pod an ### APISIX Ingress Controller Parameters -| Name | Description | Value | -| --------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | -| `ingressController.enabled` | Enable APISIX Ingress Controller | `true` | -| `ingressController.image.registry` | APISIX Ingress Controller image registry | `REGISTRY_NAME` | -| `ingressController.image.repository` | APISIX Ingress Controller image repository | `REPOSITORY_NAME/apisix-ingress-controller` | -| `ingressController.image.digest` | APISIX Ingress Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | -| `ingressController.image.pullPolicy` | APISIX Ingress Controller image pull policy | `IfNotPresent` | -| `ingressController.image.pullSecrets` | APISIX Ingress Controller image pull secrets | `[]` | -| `ingressController.image.debug` | Enable APISIX Ingress Controller image debug mode | `false` | -| `ingressController.replicaCount` | Number of APISIX Ingress Controller replicas to deploy | `1` | -| `ingressController.containerPorts.http` | APISIX Ingress Controller http container port | `8080` | -| `ingressController.containerPorts.https` | APISIX Ingress Controller https container port | `8443` | -| `ingressController.livenessProbe.enabled` | Enable livenessProbe on APISIX Ingress Controller containers | `true` | -| `ingressController.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `ingressController.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ingressController.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `ingressController.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `ingressController.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ingressController.readinessProbe.enabled` | Enable readinessProbe on APISIX Ingress Controller containers | `true` | -| `ingressController.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `ingressController.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ingressController.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `ingressController.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `ingressController.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ingressController.startupProbe.enabled` | Enable startupProbe on APISIX Ingress Controller containers | `false` | -| `ingressController.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `ingressController.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ingressController.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `ingressController.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `ingressController.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ingressController.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ingressController.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ingressController.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ingressController.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingressController.resources is set (ingressController.resources is recommended for production). | `nano` | -| `ingressController.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `ingressController.podSecurityContext.enabled` | Enabled APISIX Ingress Controller pods' Security Context | `true` | -| `ingressController.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ingressController.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ingressController.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ingressController.podSecurityContext.fsGroup` | Set APISIX Ingress Controller pod's Security Context fsGroup | `1001` | -| `ingressController.containerSecurityContext.enabled` | Enabled APISIX Ingress Controller containers' Security Context | `true` | -| `ingressController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `ingressController.containerSecurityContext.runAsUser` | Set APISIX Ingress Controller containers' Security Context runAsUser | `1001` | -| `ingressController.containerSecurityContext.runAsGroup` | Set APISIX Ingress Controller containers' Security Context runAsGroup | `1001` | -| `ingressController.containerSecurityContext.runAsNonRoot` | Set APISIX Ingress Controller containers' Security Context runAsNonRoot | `true` | -| `ingressController.containerSecurityContext.privileged` | Set APISIX Ingress Controller containers' Security Context privileged | `false` | -| `ingressController.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX Ingress Controller containers' Security Context runAsNonRoot | `true` | -| `ingressController.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX Ingress Controller container's privilege escalation | `false` | -| `ingressController.containerSecurityContext.capabilities.drop` | Set APISIX Ingress Controller container's Security Context runAsNonRoot | `["ALL"]` | -| `ingressController.containerSecurityContext.seccompProfile.type` | Set APISIX Ingress Controller container's Security Context seccomp profile | `RuntimeDefault` | -| `ingressController.command` | Override default container command (useful when using custom images) | `[]` | -| `ingressController.args` | Override default container args (useful when using custom images) | `[]` | -| `ingressController.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `ingressController.hostAliases` | APISIX Ingress Controller pods host aliases | `[]` | -| `ingressController.podLabels` | Extra labels for APISIX Ingress Controller pods | `{}` | -| `ingressController.podAnnotations` | Annotations for APISIX Ingress Controller pods | `{}` | -| `ingressController.podAffinityPreset` | Pod affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingressController.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ingressController.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `ingressController.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `ingressController.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `ingressController.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingressController.nodeAffinityPreset.key` | Node label key to match. Ignored if `injector.affinity` is set | `""` | -| `ingressController.nodeAffinityPreset.values` | Node label values to match. Ignored if `injector.affinity` is set | `[]` | -| `ingressController.affinity` | Affinity for APISIX Ingress Controller pods assignment | `{}` | -| `ingressController.nodeSelector` | Node labels for APISIX Ingress Controller pods assignment | `{}` | -| `ingressController.tolerations` | Tolerations for APISIX Ingress Controller pods assignment | `[]` | -| `ingressController.updateStrategy.type` | APISIX Ingress Controller statefulset strategy type | `RollingUpdate` | -| `ingressController.priorityClassName` | APISIX Ingress Controller pods' priorityClassName | `""` | -| `ingressController.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `ingressController.schedulerName` | Name of the k8s scheduler (other than default) for APISIX Ingress Controller pods | `""` | -| `ingressController.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | -| `ingressController.lifecycleHooks` | for the APISIX Ingress Controller container(s) to automate configuration before or after startup | `{}` | -| `ingressController.extraEnvVars` | Array with extra environment variables to add to APISIX Ingress Controller nodes | `[]` | -| `ingressController.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for APISIX Ingress Controller nodes | `""` | -| `ingressController.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for APISIX Ingress Controller nodes | `""` | -| `ingressController.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX Ingress Controller pod(s) | `[]` | -| `ingressController.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX Ingress Controller container(s) | `[]` | -| `ingressController.sidecars` | Add additional sidecar containers to the APISIX Ingress Controller pod(s) | `[]` | -| `ingressController.initContainers` | Add additional init containers to the APISIX Ingress Controller pod(s) | `[]` | -| `ingressController.defaultConfig` | APISIX Dashboard configuration (evaluated as a template) | `""` | -| `ingressController.extraConfig` | Extra configuration parameters for APISIX Ingress Controller | `{}` | -| `ingressController.existingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | -| `ingressController.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | -| `ingressController.tls.enabled` | Enable TLS transport in Ingress Controller | `true` | -| `ingressController.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | -| `ingressController.tls.existingSecret` | Name of a secret containing the certificates | `""` | -| `ingressController.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | -| `ingressController.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | -| `ingressController.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | -| `ingressController.tls.cert` | Content of the certificate to be added to the secret | `""` | -| `ingressController.tls.key` | Content of the certificate key to be added to the secret | `""` | -| `ingressController.tls.ca` | Content of the certificate CA to be added to the secret | `""` | +| Name | Description | Value | +| --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | +| `ingressController.enabled` | Enable APISIX Ingress Controller | `true` | +| `ingressController.image.registry` | APISIX Ingress Controller image registry | `REGISTRY_NAME` | +| `ingressController.image.repository` | APISIX Ingress Controller image repository | `REPOSITORY_NAME/apisix-ingress-controller` | +| `ingressController.image.digest` | APISIX Ingress Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `ingressController.image.pullPolicy` | APISIX Ingress Controller image pull policy | `IfNotPresent` | +| `ingressController.image.pullSecrets` | APISIX Ingress Controller image pull secrets | `[]` | +| `ingressController.image.debug` | Enable APISIX Ingress Controller image debug mode | `false` | +| `ingressController.replicaCount` | Number of APISIX Ingress Controller replicas to deploy | `1` | +| `ingressController.containerPorts.http` | APISIX Ingress Controller http container port | `8080` | +| `ingressController.containerPorts.https` | APISIX Ingress Controller https container port | `8443` | +| `ingressController.livenessProbe.enabled` | Enable livenessProbe on APISIX Ingress Controller containers | `true` | +| `ingressController.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `ingressController.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `ingressController.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `ingressController.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `ingressController.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `ingressController.readinessProbe.enabled` | Enable readinessProbe on APISIX Ingress Controller containers | `true` | +| `ingressController.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `ingressController.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `ingressController.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `ingressController.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `ingressController.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `ingressController.startupProbe.enabled` | Enable startupProbe on APISIX Ingress Controller containers | `false` | +| `ingressController.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `ingressController.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `ingressController.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `ingressController.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `ingressController.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `ingressController.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `ingressController.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `ingressController.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `ingressController.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ingressController.resources is set (ingressController.resources is recommended for production). | `nano` | +| `ingressController.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ingressController.podSecurityContext.enabled` | Enabled APISIX Ingress Controller pods' Security Context | `true` | +| `ingressController.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `ingressController.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `ingressController.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `ingressController.podSecurityContext.fsGroup` | Set APISIX Ingress Controller pod's Security Context fsGroup | `1001` | +| `ingressController.containerSecurityContext.enabled` | Enabled APISIX Ingress Controller containers' Security Context | `true` | +| `ingressController.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `ingressController.containerSecurityContext.runAsUser` | Set APISIX Ingress Controller containers' Security Context runAsUser | `1001` | +| `ingressController.containerSecurityContext.runAsGroup` | Set APISIX Ingress Controller containers' Security Context runAsGroup | `1001` | +| `ingressController.containerSecurityContext.runAsNonRoot` | Set APISIX Ingress Controller containers' Security Context runAsNonRoot | `true` | +| `ingressController.containerSecurityContext.privileged` | Set APISIX Ingress Controller containers' Security Context privileged | `false` | +| `ingressController.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX Ingress Controller containers' Security Context runAsNonRoot | `true` | +| `ingressController.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX Ingress Controller container's privilege escalation | `false` | +| `ingressController.containerSecurityContext.capabilities.drop` | Set APISIX Ingress Controller container's Security Context runAsNonRoot | `["ALL"]` | +| `ingressController.containerSecurityContext.seccompProfile.type` | Set APISIX Ingress Controller container's Security Context seccomp profile | `RuntimeDefault` | +| `ingressController.command` | Override default container command (useful when using custom images) | `[]` | +| `ingressController.args` | Override default container args (useful when using custom images) | `[]` | +| `ingressController.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `ingressController.hostAliases` | APISIX Ingress Controller pods host aliases | `[]` | +| `ingressController.podLabels` | Extra labels for APISIX Ingress Controller pods | `{}` | +| `ingressController.podAnnotations` | Annotations for APISIX Ingress Controller pods | `{}` | +| `ingressController.podAffinityPreset` | Pod affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingressController.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `ingressController.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `ingressController.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `ingressController.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `ingressController.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `injector.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingressController.nodeAffinityPreset.key` | Node label key to match. Ignored if `injector.affinity` is set | `""` | +| `ingressController.nodeAffinityPreset.values` | Node label values to match. Ignored if `injector.affinity` is set | `[]` | +| `ingressController.affinity` | Affinity for APISIX Ingress Controller pods assignment | `{}` | +| `ingressController.nodeSelector` | Node labels for APISIX Ingress Controller pods assignment | `{}` | +| `ingressController.tolerations` | Tolerations for APISIX Ingress Controller pods assignment | `[]` | +| `ingressController.updateStrategy.type` | APISIX Ingress Controller statefulset strategy type | `RollingUpdate` | +| `ingressController.priorityClassName` | APISIX Ingress Controller pods' priorityClassName | `""` | +| `ingressController.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `ingressController.schedulerName` | Name of the k8s scheduler (other than default) for APISIX Ingress Controller pods | `""` | +| `ingressController.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `ingressController.lifecycleHooks` | for the APISIX Ingress Controller container(s) to automate configuration before or after startup | `{}` | +| `ingressController.extraEnvVars` | Array with extra environment variables to add to APISIX Ingress Controller nodes | `[]` | +| `ingressController.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for APISIX Ingress Controller nodes | `""` | +| `ingressController.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for APISIX Ingress Controller nodes | `""` | +| `ingressController.extraVolumes` | Optionally specify extra list of additional volumes for the APISIX Ingress Controller pod(s) | `[]` | +| `ingressController.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the APISIX Ingress Controller container(s) | `[]` | +| `ingressController.sidecars` | Add additional sidecar containers to the APISIX Ingress Controller pod(s) | `[]` | +| `ingressController.initContainers` | Add additional init containers to the APISIX Ingress Controller pod(s) | `[]` | +| `ingressController.defaultConfig` | APISIX Dashboard configuration (evaluated as a template) | `""` | +| `ingressController.extraConfig` | Extra configuration parameters for APISIX Ingress Controller | `{}` | +| `ingressController.existingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | +| `ingressController.extraConfigExistingConfigMap` | name of a ConfigMap with existing configuration for the Dashboard | `""` | +| `ingressController.tls.enabled` | Enable TLS transport in Ingress Controller | `true` | +| `ingressController.tls.autoGenerated` | Auto-generate self-signed certificates | `true` | +| `ingressController.tls.existingSecret` | Name of a secret containing the certificates | `""` | +| `ingressController.tls.certFilename` | Path of the certificate file when mounted as a secret | `tls.crt` | +| `ingressController.tls.certKeyFilename` | Path of the certificate key file when mounted as a secret | `tls.key` | +| `ingressController.tls.certCAFilename` | Path of the certificate CA file when mounted as a secret | `ca.crt` | +| `ingressController.tls.cert` | Content of the certificate to be added to the secret | `""` | +| `ingressController.tls.key` | Content of the certificate key to be added to the secret | `""` | +| `ingressController.tls.ca` | Content of the certificate CA to be added to the secret | `""` | ### APISIX Ingress Controller Traffic Exposure Parameters diff --git a/bitnami/apisix/crds/crds.yaml b/bitnami/apisix/crds/crds.yaml index 5691cc209996f7..9c8a51d745f082 100644 --- a/bitnami/apisix/crds/crds.yaml +++ b/bitnami/apisix/crds/crds.yaml @@ -1,5 +1,5 @@ -# Source: https://github.com/apache/apisix-ingress-controller/samples/deploy/crd?ref={version} -# Version: 1.8.0 +# Source: https://github.com/apache/apisix-ingress-controller/samples/deploy/crd?ref=v{version} +# Version: 1.8.1 # VersionOf: apisix-ingress-controller # UseKustomize: true apiVersion: apiextensions.k8s.io/v1 @@ -702,7 +702,6 @@ spec: type: array paths: items: - pattern: ^/[a-zA-Z0-9\-._~%!$&'()+,;=:@/]*\*?$ type: string minItems: 1 type: array @@ -720,6 +719,9 @@ spec: plugin_config_name: minLength: 1 type: string + plugin_config_namespace: + minLength: 1 + type: string plugins: items: properties: diff --git a/bitnami/apisix/values.schema.json b/bitnami/apisix/values.schema.json index 672f380a7f1f5c..2a2346c3a3f83f 100644 --- a/bitnami/apisix/values.schema.json +++ b/bitnami/apisix/values.schema.json @@ -409,7 +409,7 @@ "defaultConfig": { "type": "string", "description": "Apisix apisix configuration (evaluated as a template)", - "default": "{{- if .Values.dataPlane.metrics.enabled }}\nplugin_attr:\n prometheus:\n export_uri: /apisix/prometheus/metrics\n metric_prefix: apisix_\n enable_export_server: true\n export_addr:\n ip: 0.0.0.0\n port: {{ .Values.dataPlane.containerPorts.metrics }}\n{{- end }}\napisix:\n node_listen: {{ .Values.dataPlane.containerPorts.http }}\n enable_admin: false\n {{- if .Values.dataPlane.tls.enabled }}\n ssl:\n enable: true\n listen:\n - port: {{ .Values.dataPlane.containerPorts.https }}\n enable_http2: true\n ssl_trusted_certificate: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}\n {{- end }}\n control:\n ip: 0.0.0.0\n port: {{ .Values.dataPlane.containerPorts.control }}\nnginx_config:\n error_log: /dev/stderr\n stream:\n access_log: /dev/stdout\n http:\n access_log: /dev/stdout\n http_configuration_snippet: |\n proxy_buffering off;\ndeployment:\n role: data_plane\n role_data_plane:\n config_provider: etcd\n {{- if .Values.controlPlane.enabled }}\n control_plane:\n host:\n - {{ ternary \"https\" \"http\" .Values.controlPlane.tls.enabled }}://{{ include \"apisix.control-plane.fullname\" . }}:{{ .Values.controlPlane.service.ports.configServer }}\n prefix: /apisix\n timeout: 30\n {{- end }}\n {{- if .Values.dataPlane.tls.enabled }}\n certs:\n {{- if .Values.dataPlane.tls.enabled }}\n cert: /bitnami/certs/{{ .Values.dataPlane.tls.certFilename }}\n cert_key: /bitnami/certs/{{ .Values.dataPlane.tls.certKeyFilename }}\n {{- if .Values.dataPlane.tls.certCAFilename }}\n client_ca_cert: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}\n {{- end }}\n {{- end }}\n {{- end }}\ndiscovery:\n kubernetes:\n service:\n # apiserver schema, options [http, https]\n schema: https #default https\n\n # apiserver host, options [ipv4, ipv6, domain, environment variable]\n host: ${KUBERNETES_SERVICE_HOST} #default ${KUBERNETES_SERVICE_HOST}\n\n # apiserver port, options [port number, environment variable]\n port: ${KUBERNETES_SERVICE_PORT} #default ${KUBERNETES_SERVICE_PORT}\n\n client:\n # serviceaccount token or token_file\n token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n default_weight: 50 # weight assigned to each discovered endpoint. default 50, minimum 0\n" + "default": "{{- if .Values.dataPlane.metrics.enabled }}\nplugin_attr:\n prometheus:\n export_uri: /apisix/prometheus/metrics\n metric_prefix: apisix_\n enable_export_server: true\n export_addr:\n ip: 0.0.0.0\n port: {{ .Values.dataPlane.containerPorts.metrics }}\n{{- end }}\napisix:\n node_listen: {{ .Values.dataPlane.containerPorts.http }}\n enable_admin: false\n {{- if .Values.dataPlane.tls.enabled }}\n ssl:\n enable: true\n listen:\n - port: {{ .Values.dataPlane.containerPorts.https }}\n ssl_trusted_certificate: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}\n enable_http2: true\n {{- end }}\n control:\n ip: 0.0.0.0\n port: {{ .Values.dataPlane.containerPorts.control }}\nnginx_config:\n error_log: /dev/stderr\n stream:\n access_log: /dev/stdout\n http:\n access_log: /dev/stdout\n http_configuration_snippet: |\n proxy_buffering off;\ndeployment:\n role: data_plane\n role_data_plane:\n config_provider: etcd\n {{- if .Values.controlPlane.enabled }}\n control_plane:\n host:\n - {{ ternary \"https\" \"http\" .Values.controlPlane.tls.enabled }}://{{ include \"apisix.control-plane.fullname\" . }}:{{ .Values.controlPlane.service.ports.configServer }}\n prefix: /apisix\n timeout: 30\n {{- end }}\n {{- if .Values.dataPlane.tls.enabled }}\n certs:\n {{- if .Values.dataPlane.tls.enabled }}\n cert: /bitnami/certs/{{ .Values.dataPlane.tls.certFilename }}\n cert_key: /bitnami/certs/{{ .Values.dataPlane.tls.certKeyFilename }}\n {{- if .Values.dataPlane.tls.certCAFilename }}\n client_ca_cert: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}\n {{- end }}\n {{- end }}\n {{- end }}\ndiscovery:\n kubernetes:\n service:\n # apiserver schema, options [http, https]\n schema: https #default https\n\n # apiserver host, options [ipv4, ipv6, domain, environment variable]\n host: ${KUBERNETES_SERVICE_HOST} #default ${KUBERNETES_SERVICE_HOST}\n\n # apiserver port, options [port number, environment variable]\n port: ${KUBERNETES_SERVICE_PORT} #default ${KUBERNETES_SERVICE_PORT}\n\n client:\n # serviceaccount token or token_file\n token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n default_weight: 50 # weight assigned to each discovered endpoint. default 50, minimum 0\n" }, "existingConfigMap": { "type": "string", diff --git a/bitnami/apisix/values.yaml b/bitnami/apisix/values.yaml index 79db2648cc8316..1a6bd499a82235 100644 --- a/bitnami/apisix/values.yaml +++ b/bitnami/apisix/values.yaml @@ -82,7 +82,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/apisix - tag: 3.8.0-debian-12-r7 + tag: 3.9.1-debian-12-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -269,8 +269,8 @@ dataPlane: enable: true listen: - port: {{ .Values.dataPlane.containerPorts.https }} - enable_http2: true ssl_trusted_certificate: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }} + enable_http2: true {{- end }} control: ip: 0.0.0.0 @@ -1665,7 +1665,7 @@ dashboard: image: registry: docker.io repository: bitnami/apisix-dashboard - tag: 3.0.1-debian-12-r21 + tag: 3.0.1-debian-12-r28 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2402,7 +2402,7 @@ ingressController: image: registry: docker.io repository: bitnami/apisix-ingress-controller - tag: 1.8.0-debian-12-r11 + tag: 1.8.1-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3106,7 +3106,7 @@ waitContainer: image: registry: docker.io repository: bitnami/os-shell - tag: 12-debian-12-r15 + tag: 12-debian-12-r19 digest: "" ## @param waitContainer.image.pullPolicy Init container wait-container image pull policy ##