diff --git a/charts/ingress-controller/Chart.yaml b/charts/ingress-controller/Chart.yaml index d3c4812..9b26cd9 100644 --- a/charts/ingress-controller/Chart.yaml +++ b/charts/ingress-controller/Chart.yaml @@ -6,8 +6,8 @@ keywords: - api7 - crd type: application -version: 0.1.16 -appVersion: 2.0.9 +version: 0.1.17 +appVersion: 2.0.10 maintainers: - name: API7 email: support@api7.ai diff --git a/charts/ingress-controller/README.md b/charts/ingress-controller/README.md index 5b74256..d030eab 100644 --- a/charts/ingress-controller/README.md +++ b/charts/ingress-controller/README.md @@ -1,6 +1,6 @@ # api7-ingress-controller -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.9](https://img.shields.io/badge/AppVersion-2.0.9-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.10](https://img.shields.io/badge/AppVersion-2.0.10-informational?style=flat-square) Ingress Controller for API7 @@ -27,6 +27,7 @@ Ingress Controller for API7 | autoscaling.enabled | bool | `false` | | | autoscaling.minReplicas | int | `1` | | | config.controllerName | string | `"apisix.apache.org/apisix-ingress-controller"` | | +| config.disableGatewayApi | bool | `false` | | | config.enableHTTP2 | bool | `false` | | | config.execADCTimeout | string | `"15s"` | | | config.leaderElection.disable | bool | `false` | | @@ -45,12 +46,13 @@ Ingress Controller for API7 | deployment.annotations | object | `{}` | | | deployment.image.pullPolicy | string | `"IfNotPresent"` | | | deployment.image.repository | string | `"api7/api7-ingress-controller"` | | -| deployment.image.tag | string | `"2.0.9"` | | +| deployment.image.tag | string | `"2.0.10"` | | | deployment.nodeSelector | object | `{}` | | | deployment.podAnnotations | object | `{}` | | -| deployment.podSecurityContext | object | `{}` | | +| deployment.podSecurityContext.fsGroup | int | `2000` | | | deployment.replicas | int | `1` | | | deployment.resources | object | `{}` | Set pod resource requests & limits | +| deployment.securityContext | object | `{}` | | | deployment.tolerations | list | `[]` | | | deployment.topologySpreadConstraints | list | `[]` | | | fullnameOverride | string | `""` | | diff --git a/charts/ingress-controller/crds/apisix-crds.yaml b/charts/ingress-controller/crds/apisix-crds.yaml index 151cc00..adc49cd 100644 --- a/charts/ingress-controller/crds/apisix-crds.yaml +++ b/charts/ingress-controller/crds/apisix-crds.yaml @@ -1587,9 +1587,8 @@ spec: minimum: 0 type: integer timeout: - description: |- - Timeout sets health check timeout in seconds. - https://github.com/apache/apisix/blob/0151d9e35bba63d7c316187272d88e19db0be634/apisix/schema_def.lua#L196 + description: Timeout sets the number of timeouts to define + an unhealthy target. maximum: 254 minimum: 1 type: integer @@ -1651,9 +1650,8 @@ spec: minimum: 0 type: integer timeout: - description: |- - Timeout sets health check timeout in seconds. - https://github.com/apache/apisix/blob/0151d9e35bba63d7c316187272d88e19db0be634/apisix/schema_def.lua#L196 + description: Timeout sets the number of timeouts to define + an unhealthy target. maximum: 254 minimum: 1 type: integer @@ -1848,9 +1846,8 @@ spec: minimum: 0 type: integer timeout: - description: |- - Timeout sets health check timeout in seconds. - https://github.com/apache/apisix/blob/0151d9e35bba63d7c316187272d88e19db0be634/apisix/schema_def.lua#L196 + description: Timeout sets the number of timeouts + to define an unhealthy target. maximum: 254 minimum: 1 type: integer @@ -1912,9 +1909,8 @@ spec: minimum: 0 type: integer timeout: - description: |- - Timeout sets health check timeout in seconds. - https://github.com/apache/apisix/blob/0151d9e35bba63d7c316187272d88e19db0be634/apisix/schema_def.lua#L196 + description: Timeout sets the number of timeouts + to define an unhealthy target. maximum: 254 minimum: 1 type: integer diff --git a/charts/ingress-controller/templates/cluster_role.yaml b/charts/ingress-controller/templates/cluster_role.yaml index 6b37c82..56fcd5a 100644 --- a/charts/ingress-controller/templates/cluster_role.yaml +++ b/charts/ingress-controller/templates/cluster_role.yaml @@ -92,6 +92,7 @@ rules: - httproutes/status - referencegrants/status - tcproutes/status + - udproutes/status verbs: - get - update @@ -103,6 +104,7 @@ rules: - httproutes - referencegrants - tcproutes + - udproutes verbs: - get - list diff --git a/charts/ingress-controller/templates/configmap.yaml b/charts/ingress-controller/templates/configmap.yaml index a823013..0a951bc 100644 --- a/charts/ingress-controller/templates/configmap.yaml +++ b/charts/ingress-controller/templates/configmap.yaml @@ -18,6 +18,7 @@ data: probe_addr: {{ .Values.config.probeAddr | default ":8081" }} secure_metrics: {{ .Values.config.secureMetrics | default false }} exec_adc_timeout: {{ .Values.config.execADCTimeout | default "15s" }} + disable_gateway_api: {{ .Values.config.disableGatewayApi | default false }} provider: type: {{ .Values.config.provider.type | default "api7ee" }} sync_period: {{ .Values.config.provider.syncPeriod | default "0s" }} diff --git a/charts/ingress-controller/templates/deployment.yaml b/charts/ingress-controller/templates/deployment.yaml index f30e555..ac6bb15 100644 --- a/charts/ingress-controller/templates/deployment.yaml +++ b/charts/ingress-controller/templates/deployment.yaml @@ -36,11 +36,15 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: ADC_SERVER_URL + value: "unix:/sockets/adc.sock" image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}" volumeMounts: - name: {{ .Release.Name }}-ingress-config mountPath: /app/conf/config.yaml subPath: config.yaml + - name: socket-volume + mountPath: /sockets {{- if .Values.webhook.enabled }} - name: webhook-certs mountPath: /certs @@ -66,13 +70,13 @@ spec: resources: {{- toYaml .Values.deployment.resources | nindent 10 }} securityContext: - {{- toYaml .Values.deployment.podSecurityContext | nindent 10 }} + {{- toYaml .Values.deployment.securityContext | nindent 10 }} - name: adc-server image: "{{ .Values.adc.image.repository }}:{{ .Values.adc.image.tag }}" args: - "server" - "--listen" - - "http://127.0.0.1:3000" + - "unix:/sockets/adc.sock" - "--listen-status" - "3001" env: @@ -99,6 +103,9 @@ spec: port: 3001 initialDelaySeconds: 5 periodSeconds: 5 + volumeMounts: + - name: socket-volume + mountPath: /sockets resources: {{- toYaml .Values.adc.resources | nindent 10 }} securityContext: @@ -123,12 +130,14 @@ spec: - name: {{ .Release.Name }}-ingress-config configMap: name: {{ .Release.Name }}-ingress-config + - name: socket-volume + emptyDir: {} {{- if .Values.webhook.enabled }} - name: webhook-certs secret: secretName: {{ include "api7-ingress-controller-manager.webhook.secretName" . }} {{- end }} securityContext: - runAsNonRoot: false + {{- toYaml .Values.deployment.podSecurityContext | nindent 8 }} serviceAccountName: {{ .Release.Name }} terminationGracePeriodSeconds: 10 diff --git a/charts/ingress-controller/templates/webhook.yaml b/charts/ingress-controller/templates/webhook.yaml index e7609f0..da77539 100644 --- a/charts/ingress-controller/templates/webhook.yaml +++ b/charts/ingress-controller/templates/webhook.yaml @@ -268,6 +268,28 @@ webhooks: apiGroups: ["gateway.networking.k8s.io"] apiVersions: ["v1alpha2"] resources: ["tcproutes"] +- name: vudproute-v1alpha2.kb.io + admissionReviewVersions: ["v1"] + clientConfig: + {{- if not .Values.webhook.certificate.provided }} + caBundle: {{ b64enc $caCert }} + {{- else }} + caBundle: {{ .Values.webhook.certificate.caBundle }} + {{- end }} + service: + name: {{ include "api7-ingress-controller-manager.webhook.serviceName" . }} + namespace: {{ .Release.Namespace }} + path: /validate-gateway-networking-k8s-io-v1alpha2-udproute + failurePolicy: {{ .Values.webhook.failurePolicy }} + {{- with .Values.webhook.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + sideEffects: None + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["gateway.networking.k8s.io"] + apiVersions: ["v1alpha2"] + resources: ["udproutes"] --- apiVersion: v1 diff --git a/charts/ingress-controller/values.yaml b/charts/ingress-controller/values.yaml index 40fad76..4cdff87 100644 --- a/charts/ingress-controller/values.yaml +++ b/charts/ingress-controller/values.yaml @@ -26,12 +26,15 @@ deployment: nodeSelector: {} tolerations: [] affinity: {} - podSecurityContext: {} + # fsGroup: 2000 ensures containers can share Unix socket files via a common group. + podSecurityContext: + fsGroup: 2000 + securityContext: {} topologySpreadConstraints: [] image: repository: api7/api7-ingress-controller pullPolicy: IfNotPresent - tag: "2.0.9" + tag: "2.0.10" # -- Set pod resource requests & limits resources: {} @@ -58,6 +61,7 @@ config: probeAddr: ":8081" secureMetrics: false execADCTimeout: "15s" + disableGatewayApi: false # Whether to disable the Gateway API support. The default value is false. provider: type: "api7ee" syncPeriod: "1h"