feat: add more config for gatewayproxy (#885)

AlinsRan · web-flow · commit 48833794b7cf · 2025-10-17T15:40:58.000+08:00
diff --git a/charts/apisix-ingress-controller/README.md b/charts/apisix-ingress-controller/README.md
@@ -141,11 +141,19 @@ The same for container level, you need to set:
 | deployment.tolerations | list | `[]` |  |
 | deployment.topologySpreadConstraints | list | `[]` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods |
 | fullnameOverride | string | `""` |  |
-| gatewayProxy.createDefault | bool | `false` |  |
-| gatewayProxy.provider.controlPlane.auth.adminKey.value | string | `"edd1c9f034335f136f87ad84b625c8f1"` |  |
-| gatewayProxy.provider.controlPlane.auth.type | string | `"AdminKey"` |  |
-| gatewayProxy.provider.controlPlane.endpoints | list | `[]` |  |
-| gatewayProxy.provider.type | string | `"ControlPlane"` |  |
+| gatewayProxy.createDefault | bool | `false` | Controls whether to create a default GatewayProxy custom resource. |
+| gatewayProxy.provider | object | `{"controlPlane":{"auth":{"adminKey":{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}},"type":"AdminKey"},"endpoints":[],"service":{"name":"","port":9180}},"pluginMetadata":{},"plugins":[],"type":"ControlPlane"}` | Configuration for the GatewayProxy provider connection |
+| gatewayProxy.provider.controlPlane | object | `{"auth":{"adminKey":{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}},"type":"AdminKey"},"endpoints":[],"service":{"name":"","port":9180}}` | ControlPlane provider specific configuration Either `endpoints` or `service` must be specified, but not both. |
+| gatewayProxy.provider.controlPlane.auth | object | `{"adminKey":{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}},"type":"AdminKey"}` | Authentication configuration for control plane connection |
+| gatewayProxy.provider.controlPlane.auth.adminKey | object | `{"value":"edd1c9f034335f136f87ad84b625c8f1","valueFrom":{}}` | AdminKey authentication configuration. Either `value` or `valueFrom` must be specified, but not both. |
+| gatewayProxy.provider.controlPlane.auth.adminKey.value | string | `"edd1c9f034335f136f87ad84b625c8f1"` | The admin key value for authentication. |
+| gatewayProxy.provider.controlPlane.auth.adminKey.valueFrom | object | `{}` | Reference to admin key stored in a Kubernetes Secret |
+| gatewayProxy.provider.controlPlane.auth.type | string | `AdminKey` | Authentication type. Only `AdminKey` is currently supported. |
+| gatewayProxy.provider.controlPlane.endpoints | list | `[]` | List of APISIX control plane Admin API endpoints. example: ["http://apisix-admin.default.svc.cluster.local:9180"] |
+| gatewayProxy.provider.controlPlane.service | object | `{"name":"","port":9180}` | Alternatively, reference a Kubernetes Service for the APISIX Admin API. |
+| gatewayProxy.provider.pluginMetadata | object | `{}` | Global plugin metadata shared by all instances of the same plugin. |
+| gatewayProxy.provider.plugins | list | `[]` | List of global plugins to be enabled on the GatewayProxy. |
+| gatewayProxy.provider.type | string | `"ControlPlane"` | Specifies the provider type for the GatewayProxy. |
 | labelsOverride | object | `{}` | Override default labels assigned to Apache APISIX ingress controller resource |
 | nameOverride | string | `""` | Default values for apisix-ingress-controller. This is a YAML-formatted file. Declare variables to be passed into your templates.  |
 | podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":"90%"}` | See https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more details |
diff --git a/charts/apisix-ingress-controller/templates/gatewayproxy.yaml b/charts/apisix-ingress-controller/templates/gatewayproxy.yaml
@@ -24,11 +24,53 @@ spec:
   provider:
     type: {{ .Values.gatewayProxy.provider.type }}
     controlPlane:
+      {{- if .Values.gatewayProxy.provider.controlPlane.endpoints }}
+      endpoints:
+        {{- toYaml .Values.gatewayProxy.provider.controlPlane.endpoints | nindent 8 }}
+      {{- else if .Values.gatewayProxy.provider.controlPlane.service.name }}
+      service:
+        name: {{ .Values.gatewayProxy.provider.controlPlane.service.name }}
+        port: {{ .Values.gatewayProxy.provider.controlPlane.service.port }}
+      {{- else }}
       service:
         name: {{ .Values.apisix.adminService.name }}
         port: {{ .Values.apisix.adminService.port }}
+      {{- end }}
+
+      {{- with .Values.gatewayProxy.provider.controlPlane.tlsVerify }}
+      tlsVerify: {{ . }}
+      {{- end }}
+
       {{- with .Values.gatewayProxy.provider.controlPlane.auth }}
       auth:
-        {{- toYaml . | nindent 8 }}
+        type: {{ .type }}
+        {{- with .adminKey }}
+        adminKey:
+          {{- if .valueFrom }}
+          valueFrom:
+            {{- toYaml .valueFrom | nindent 12 }}
+          {{- else if .value }}
+          value: {{ .value | quote }}
+          {{- end }}
+        {{- end }}
       {{- end }}
+
+  {{- with .Values.gatewayProxy.publishService }}
+  publishService: {{ . | quote }}
+  {{- end }}
+
+  {{- with .Values.gatewayProxy.statusAddress }}
+  statusAddress:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
+  {{- with .Values.gatewayProxy.plugins }}
+  plugins:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
+  {{- with .Values.gatewayProxy.pluginMetadata }}
+  pluginMetadata:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 {{- end }}
diff --git a/charts/apisix-ingress-controller/values.yaml b/charts/apisix-ingress-controller/values.yaml
@@ -94,17 +94,67 @@ config:
     ingressClass: apisix
     defaultIngressClass: false
 
+# The GatewayProxy resource configures gateway proxy instances including networking,
+# provider connection, global plugins, and plugin metadata.
 gatewayProxy:
+  # -- Controls whether to create a default GatewayProxy custom resource.
   createDefault: false
+
+  # -- Configuration for the GatewayProxy provider connection
   provider:
+    # -- Specifies the provider type for the GatewayProxy.
     type: ControlPlane
+
+    # -- ControlPlane provider specific configuration
+    # Either `endpoints` or `service` must be specified, but not both.
     controlPlane:
+      # -- List of APISIX control plane Admin API endpoints.
+      # example: ["http://apisix-admin.default.svc.cluster.local:9180"]
       endpoints: []
+
+      # -- Alternatively, reference a Kubernetes Service for the APISIX Admin API.
+      service:
+        name: ""
+        port: 9180
+
+      # -- Authentication configuration for control plane connection
       auth:
+        # -- Authentication type. Only `AdminKey` is currently supported.
+        # @default -- `AdminKey`
         type: AdminKey
+
+        # -- AdminKey authentication configuration.
+        # Either `value` or `valueFrom` must be specified, but not both.
         adminKey:
+          # -- The admin key value for authentication.
           value: "edd1c9f034335f136f87ad84b625c8f1"
 
+          # -- Reference to admin key stored in a Kubernetes Secret
+          valueFrom: {}
+            # secretKeyRef:
+            #   name: apisix-admin-secret
+            #   key: admin-key
+
+    # -- List of global plugins to be enabled on the GatewayProxy.
+    plugins: []
+      # - name: cors
+      #   enabled: true
+      #   config:
+      #     allow_origins: "*"
+      #     allow_methods: "GET,POST,PUT,DELETE"
+      # - name: ip-restriction
+      #   enabled: false
+      #   config:
+      #     whitelist:
+      #       - 10.0.0.0/8
+      #       - 192.168.0.0/16
+
+    # -- Global plugin metadata shared by all instances of the same plugin.
+    pluginMetadata: {}
+      # prometheus:
+      #   disable: false
+      #   export_uri: /apisix/prometheus/metrics
+
 apisix:
   adminService:
     namespace: apisix-ingress
