kind: Service apiVersion: v1 metadata: name: apisix-etcd namespace: egommerce labels: app.kubernetes.io/instance: apisix-etcd app.kubernetes.io/name: apisix-etcd annotations: meta.helm.sh/release-name: apisix-etcd meta.helm.sh/release-namespace: egommerce spec: type: NodePort ports: - name: client protocol: TCP port: 2379 nodePort: 31801 - name: peer protocol: TCP port: 2380 nodePort: 31802 selector: app.kubernetes.io/instance: apisix-etcd app.kubernetes.io/name: apisix-etcd --- kind: StatefulSet apiVersion: apps/v1 metadata: name: apisix-etcd namespace: egommerce labels: app.kubernetes.io/instance: apisix-etcd app.kubernetes.io/name: apisix-etcd spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: apisix-etcd app.kubernetes.io/name: apisix-etcd template: metadata: labels: app.kubernetes.io/instance: apisix-etcd app.kubernetes.io/name: apisix-etcd spec: containers: - name: apisix-etcd image: quay.io/coreos/etcd:v2.3.8 args: - --initial-cluster="apisix-etcd-0=http://apisix-etcd-0.apisix-etcd.egommerce.svc.cluster.local:2380" ports: - name: client containerPort: 2379 protocol: TCP - name: peer containerPort: 2380 protocol: TCP env: - name: BITNAMI_DEBUG value: 'false' - name: MY_POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: MY_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: ETCDCTL_API value: '3' - name: ETCD_ON_K8S value: 'yes' - name: ETCD_START_FROM_SNAPSHOT value: 'no' - name: ETCD_DISASTER_RECOVERY value: 'no' - name: ETCD_NAME value: $(MY_POD_NAME) - name: ETCD_DATA_DIR value: /bitnami/etcd/data - name: ETCD_LOG_LEVEL value: info - name: ALLOW_NONE_AUTHENTICATION value: 'yes' - name: ETCD_ADVERTISE_CLIENT_URLS value: >- http://$(MY_POD_NAME).apisix-etcd.egommerce.svc.cluster.local:2379 - name: ETCD_LISTEN_CLIENT_URLS value: http://0.0.0.0:2379 - name: ETCD_INITIAL_ADVERTISE_PEER_URLS value: >- http://$(MY_POD_NAME).apisix-etcd.egommerce.svc.cluster.local:2380 - name: ETCD_LISTEN_PEER_URLS value: http://0.0.0.0:2380 resources: {} volumeMounts: - name: data mountPath: /bitnami/etcd livenessProbe: exec: command: - /opt/bitnami/scripts/etcd/healthcheck.sh initialDelaySeconds: 60 timeoutSeconds: 5 periodSeconds: 30 successThreshold: 1 failureThreshold: 5 readinessProbe: exec: command: - /opt/bitnami/scripts/etcd/healthcheck.sh initialDelaySeconds: 60 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 5 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent securityContext: runAsUser: 1001 runAsNonRoot: true restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst serviceAccountName: default serviceAccount: default securityContext: fsGroup: 1001 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: apisix-etcd app.kubernetes.io/name: apisix-etcd namespaces: - egommerce topologyKey: kubernetes.io/hostname schedulerName: default-scheduler volumeClaimTemplates: - kind: PersistentVolumeClaim apiVersion: v1 metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi volumeMode: Filesystem serviceName: apisix-etcd-headless podManagementPolicy: Parallel updateStrategy: type: RollingUpdate revisionHistoryLimit: 10 --- apiVersion: v1 kind: Service metadata: name: api-gateway namespace: egommerce spec: type: NodePort ports: - name: api-gateway-http port: 9080 nodePort: 31800 - name: api-gateway-https port: 9443 nodePort: 31843 # - name: api-gateway-stats # port: 1024 # nodePort: 31899 selector: app: api-gateway # --- # kind: IngressClass # apiVersion: networking.k8s.io/v1 # metadata: # name: api-gateway # namespace: egommerce # spec: # controller: haproxy.org/ingress-controller/haproxy --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: api-gateway namespace: egommerce spec: # ingressClassName: api-gateway # tls: # - secretName: api-gateway-cert # hosts: # - egommerce.io # CHANGE TO THE PROD DOMAIN rules: - host: egommerce.io # CHANGE TO THE PROD DOMAIN http: paths: - path: /api/identity pathType: Prefix backend: service: name: identity-svc port: number: 443 - path: /api/catalog pathType: Prefix backend: service: name: catalog-svc port: number: 443 - path: /api/basket pathType: Prefix backend: service: name: basket-svc port: number: 443 - path: /api/config pathType: Prefix backend: service: name: config-svc port: number: 443 --- kind: ConfigMap apiVersion: v1 metadata: name: apisix namespace: default data: config.yaml: >- # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # apisix: node_listen: 9080 # APISIX listening port enable_heartbeat: true enable_admin: true enable_admin_cors: true enable_debug: false enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true. enable_ipv6: true config_center: etcd # etcd: use etcd to store the config value # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml` #proxy_protocol: # Proxy Protocol configuration # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin. # This port can only receive http request with proxy protocol, but node_listen & port_admin # can only receive http request. If you enable proxy protocol, you must use this port to # receive http request with proxy protocol # listen_https_port: 9182 # The port with proxy protocol for https # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server proxy_cache: # Proxy Caching configuration cache_ttl: 10s # The default caching time if the upstream does not specify the cache time zones: # The parameters of a cache - name: disk_cache_one # The name of the cache, administrator can be specify # which cache to use by name in the admin api memory_size: 50m # The size of shared memory, it's used to store the cache index disk_size: 1G # The size of disk, it's used to store the cache data disk_path: "/tmp/disk_cache_one" # The path to store the cache data cache_levels: "1:2" # The hierarchy levels of a cache # - name: disk_cache_two # memory_size: 50m # disk_size: 1G # disk_path: "/tmp/disk_cache_two" # cache_levels: "1:2" allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - 127.0.0.1/24 # - "::/64" port_admin: 9180 # Default token when use API to call for Admin API. # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API. # Disabling this configuration item means that the Admin API does not # require any authentication. admin_key: # admin: can everything for configuration data - name: "admin" key: edd1c9f034335f136f87ad84b625c8f1 role: admin # viewer: only can view configuration data - name: "viewer" key: 4054f7cf07e344346cd3f287985e76a2 role: viewer router: http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree) # radixtree_host_uri: match route by host + uri(base on radixtree) ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree) # dns_resolver: # # - 127.0.0.1 # # - 172.20.0.10 # # - 114.114.114.114 # # - 223.5.5.5 # # - 1.1.1.1 # # - 8.8.8.8 # dns_resolver_valid: 30 resolver_timeout: 5 ssl: enable: false enable_http2: true listen_port: 9443 ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" nginx_config: # config for render the template to genarate nginx.conf error_log: "/dev/stderr" error_log_level: "warn" # warn,error worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections event: worker_connections: 10620 http: access_log: "/dev/stdout" keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side. client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed underscores_in_headers: "on" # default enables the use of underscores in client request header fields real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from - 127.0.0.1 - 'unix:' etcd: host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster. - "http://apisix-etcd-0.egommerce.svc.cluster.local:2379" prefix: "/apisix" # apisix configurations prefix timeout: 30 # 30 seconds plugins: # plugin list - api-breaker - authz-keycloak - basic-auth - batch-requests - consumer-restriction - cors - echo - fault-injection - grpc-transcode - hmac-auth - http-logger - ip-restriction - ua-restriction - jwt-auth - kafka-logger - key-auth - limit-conn - limit-count - limit-req - node-status - openid-connect - authz-casbin - prometheus - proxy-cache - proxy-mirror - proxy-rewrite - redirect - referer-restriction - request-id - request-validation - response-rewrite - serverless-post-function - serverless-pre-function - sls-logger - syslog - tcp-logger - udp-logger - uri-blocker - wolf-rbac - zipkin - server-info - traffic-split - gzip - real-ip stream_plugins: - mqtt-proxy - ip-restriction - limit-conn plugin_attr: server-info: report_interval: 60 report_ttl: 3600 --- apiVersion: apps/v1 kind: Deployment metadata: name: api-gateway namespace: egommerce labels: app.kubernetes.io/instance: apisix app.kubernetes.io/name: apisix app.kubernetes.io/version: 2.10.0 spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: apisix app.kubernetes.io/name: apisix template: metadata: labels: app.kubernetes.io/instance: apisix app.kubernetes.io/name: apisix spec: restartPolicy: Always initContainers: - name: wait-etcd image: busybox:1.28 command: - sh - '-c' - >- until nc -z apisix-etcd.egommerce.svc.cluster.local 2379; do echo waiting for etcd `date`; sleep 2; done; resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent containers: - name: api-gateway image: localhost:32000/egommerce/api-gateway:dev imagePullPolicy: Always # args: # - --publish-service=egommerce/api-gateway # - --configmap=egommerce/api-gateway-config # - --ingress.class=haproxy # - --https-bind-port=8443 ports: - containerPort: 9080 # Proxy HTTP - containerPort: 9443 # Proxy HTTPS - containerPort: 9444 # Admin API resources: limits: cpu: 100m memory: 512M requests: cpu: 50m memory: 256M volumeMounts: - name: apisix-config mountPath: /usr/local/apisix/conf/config.yaml subPath: config.yaml volumes: - name: apisix-config configMap: name: apisix defaultMode: 420 imagePullSecrets: - name: regcred