chore: remove deployment mode and role from gateway chart (#185)

Signed-off-by: Nic <[email protected]>

Author: nic-6443

charts/gateway/README.md

@@ -138,17 +138,6 @@ The command removes all the Kubernetes components associated with the chart and
 | deployment.certs.certsSecret | string | `""` | secret name used for decoupled mode |
 | deployment.certs.mTLSCACert | string | `""` | mTLS CA cert filename in mTLSCACertSecret |
 | deployment.certs.mTLSCACertSecret | string | `""` | trusted_ca_cert name in certsSecret |
-| deployment.controlPlane | object | `{"cert":"","certKey":"","certsSecret":"","confServerPort":"9280"}` | used for control_plane deployment mode |
-| deployment.controlPlane.cert | string | `""` | conf Server CA cert name in certsSecret |
-| deployment.controlPlane.certKey | string | `""` | conf Server cert key name in certsSecret |
-| deployment.controlPlane.certsSecret | string | `""` | secret name used by conf Server |
-| deployment.controlPlane.confServerPort | string | `"9280"` | conf Server address |
-| deployment.dataPlane | object | `{"controlPlane":{"host":[],"prefix":"/apisix","timeout":30}}` | used for data_plane deployment mode |
-| deployment.dataPlane.controlPlane.host | list | `[]` | The hosts of the control_plane used by the data_plane |
-| deployment.dataPlane.controlPlane.prefix | string | `"/apisix"` | The prefix of the control_plane used by the data_plane |
-| deployment.dataPlane.controlPlane.timeout | int | `30` | Timeout when the data plane connects to the control plane |
-| deployment.mode | string | `"traditional"` | API7 Gateway deployment mode Optional: traditional, decoupled  ref: https://apisix.apache.org/docs/apisix/deployment-modes/ |
-| deployment.role | string | `"traditional"` | Deployment role Optional: traditional, data_plane, control_plane  ref: https://apisix.apache.org/docs/apisix/deployment-modes/ |
 | discovery.enabled | bool | `false` | Enable or disable API7 Gateway integration service discovery |
 | discovery.registry | object | `{}` | Registry is the same to the one in APISIX [config-default.yaml](https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L281), and refer to such file for more setting details. also refer to [this documentation for integration service discovery](https://apisix.apache.org/docs/apisix/discovery) |
 | dns.resolvers[0] | string | `"127.0.0.1"` |  |

charts/gateway/templates/_pod.tpl

@@ -117,8 +117,6 @@ spec:
         {{- end }}
         {{- end }}
         {{- end }}
-
-      {{- if ne .Values.deployment.role "control_plane" }}
       readinessProbe:
         failureThreshold: 6
         initialDelaySeconds: 10
@@ -127,7 +125,6 @@ spec:
         tcpSocket:
           port: {{ .Values.gateway.http.containerPort }}
         timeoutSeconds: 1
-      {{- end }}
       lifecycle:
         preStop:
           exec:
@@ -150,21 +147,6 @@ spec:
           subPath: {{ .Values.gateway.tls.certCAFilename }}
       {{- end }}
 
-      {{- if and (eq .Values.deployment.role "control_plane") .Values.deployment.controlPlane.certsSecret }}
-        - mountPath: /conf-server-ssl
-          name: conf-server-ssl
-      {{- end }}
-
-      {{- if and (eq .Values.deployment.mode "decoupled") .Values.deployment.certs.mTLSCACertSecret }}
-        - mountPath: /conf-ca-ssl
-          name: conf-ca-ssl
-      {{- end }}
-
-      {{- if and (eq .Values.deployment.mode "decoupled") .Values.deployment.certs.certsSecret }}
-        - mountPath: /conf-client-ssl
-          name: conf-client-ssl
-      {{- end }}
-
       {{- if .Values.etcd.auth.tls.enabled }}
         - mountPath: /etcd-ssl
           name: etcd-ssl
@@ -206,23 +188,6 @@ spec:
         secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
       name: etcd-ssl
     {{- end }}
-    {{- if and (eq .Values.deployment.role "control_plane") .Values.deployment.controlPlane.certsSecret }}
-    - secret:
-        secretName: {{ .Values.deployment.controlPlane.certsSecret | quote }}
-      name: conf-server-ssl
-    {{- end }}
-
-    {{- if and (eq .Values.deployment.mode "decoupled") .Values.deployment.certs.mTLSCACertSecret }}
-    - secret:
-        secretName: {{ .Values.deployment.certs.mTLSCACertSecret | quote }}
-      name: conf-ca-ssl
-    {{- end }}
-
-    {{- if and (eq .Values.deployment.mode "decoupled") .Values.deployment.certs.certsSecret }}
-    - secret:
-        secretName: {{ .Values.deployment.certs.certsSecret | quote }}
-      name: conf-client-ssl
-    {{- end }}
     {{- if .Values.apisix.setIDFromPodUID }}
     - downwardAPI:
         items:

charts/gateway/templates/configmap.yaml

@@ -17,13 +17,11 @@ data:
       {{- toYaml .Values.api7ee | nindent 6 }}
     {{- end }}
     apisix:    # universal configurations
-      {{- if not (eq .Values.deployment.role "control_plane") }}
       node_listen:    # APISIX listening port
         - {{ .Values.gateway.http.containerPort }}
         {{- with .Values.gateway.http.additionalContainerPorts }}
         {{- toYaml . | nindent 8}}
         {{- end }}
-      {{- end }}
       enable_heartbeat: true
       enable_admin: {{ .Values.admin.enabled }}
       enable_admin_cors: {{ .Values.admin.cors }}
@@ -232,25 +230,9 @@ data:
     {{- end }}
 
     deployment:
-      role: {{ .Values.deployment.role }}
-      {{- if or (eq .Values.deployment.role "traditional") (eq .Values.deployment.role "control_plane") }}
-
-      {{- if eq .Values.deployment.role "traditional" }}
+      role: traditional
       role_traditional:
         config_provider: etcd
-      {{- end }}
-
-      {{- if eq .Values.deployment.role "control_plane" }}
-      role_control_plane:
-        config_provider: etcd
-        conf_server:
-          listen: 0.0.0.0:{{ .Values.deployment.controlPlane.confServerPort }}
-          cert: "/conf-server-ssl/{{ .Values.deployment.controlPlane.cert }}"
-          cert_key: "/conf-server-ssl/{{ .Values.deployment.controlPlane.certKey }}"
-          {{- if .Values.deployment.certs.mTLSCACertSecret }}
-          client_ca_cert: "/conf-ca-ssl/{{ .Values.deployment.certs.mTLSCACert }}"
-          {{- end }}
-      {{- end }}
 
       admin:
         allow_admin:    # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
@@ -288,8 +270,6 @@ data:
             key: {{ .Values.admin.credentials.viewer }}
             {{- end }}
             role: viewer
-
-      {{- if not (eq .Values.deployment.role "data_plane") }}
       etcd:
       {{- if .Values.etcd.enabled }}
         host:                          # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
@@ -329,30 +309,4 @@ data:
           {{- end }}
         {{- end }}
     {{- end }}
-    {{- end }}
-      {{- end }}
-
-      {{- if eq .Values.deployment.role "data_plane" }}
-      role_data_plane:
-        config_provider: control_plane
-        control_plane:
-          host:
-            {{- range $.Values.deployment.dataPlane.controlPlane.host }}
-            - {{ . | quote }}
-            {{- end }}
-          prefix: {{ .Values.deployment.dataPlane.controlPlane.prefix }}
-          timeout: {{ .Values.deployment.dataPlane.controlPlane.timeout }}
-      {{- end }}
-
-      {{- if eq .Values.deployment.mode "decoupled"}}
-      {{- if .Values.deployment.certs.certsSecret }}
-      certs:
-        cert: "/conf-client-ssl/{{ .Values.deployment.certs.cert }}"
-        cert_key: "/conf-client-ssl/{{ .Values.deployment.certs.cert_key }}"
-        {{- if .Values.deployment.certs.mTLSCACertSecret }}
-        trusted_ca_cert: "/conf-ca-ssl/{{ .Values.deployment.certs.mTLSCACert }}"
-        {{- end }}
-      {{- end }}
-      {{- end }}
-
 {{- end }}

charts/gateway/templates/service-control-plane.yaml

@@ -214,39 +214,6 @@ rbac:
   create: false
 
 deployment:
-  # -- API7 Gateway deployment mode
-  # Optional: traditional, decoupled
-  #
-  # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
-  mode: traditional
-
-  # -- Deployment role
-  # Optional: traditional, data_plane, control_plane
-  #
-  # ref: https://apisix.apache.org/docs/apisix/deployment-modes/
-  role: "traditional"
-
-  # -- used for control_plane deployment mode
-  controlPlane:
-    # -- conf Server address
-    confServerPort: "9280"
-    # -- secret name used by conf Server
-    certsSecret: ""
-    # -- conf Server CA cert name in certsSecret
-    cert: ""
-    # -- conf Server cert key name in certsSecret
-    certKey: ""
-
-  # -- used for data_plane deployment mode
-  dataPlane:
-    controlPlane:
-      # -- The hosts of the control_plane used by the data_plane
-      host: []
-      # -- The prefix of the control_plane used by the data_plane
-      prefix: "/apisix"
-      # -- Timeout when the data plane connects to the control plane
-      timeout: 30
-
   # -- certs used for certificates in decoupled mode
   certs:
     # -- secret name used for decoupled mode

charts/gateway/values.yaml

@@ -36,9 +36,9 @@ Ingress Controller for API7
 | deployment.image.tag | string | `"2.0.1"` |  |
 | deployment.nodeSelector | object | `{}` |  |
 | deployment.podAnnotations | object | `{}` |  |
-| deployment.podSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
-| deployment.podSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| deployment.podSecurityContext | object | `{}` |  |
 | deployment.replicas | int | `1` |  |
+| deployment.securityContext | object | `{}` |  |
 | deployment.tolerations | list | `[]` |  |
 | deployment.topologySpreadConstraints | list | `[]` |  |
 | fullnameOverride | string | `""` |  |