feat: Adds Control API releated Resources

charts/apisix/README.md

@@ -108,6 +108,16 @@ The command removes all the Kubernetes components associated with the chart and
 | autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
 | autoscaling.version | string | `"v2"` | HPA version, the value is "v2" or "v2beta1", default "v2" |
 | configurationSnippet | object | `{"httpAdmin":"","httpEnd":"","httpSrv":"","httpStart":"","main":"","stream":""}` | Custom configuration snippet. |
+| control.enabled | bool | `true` | Enable Control API |
+| control.ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"apisix-control.local","paths":["/*"]}],"tls":[]}` | Using ingress access Apache APISIX Control service |
+| control.ingress.annotations | object | `{}` | Ingress annotations |
+| control.ingress.hosts | list | `[{"host":"apisix-control.local","paths":["/*"]}]` | Ingress Class Name className: "nginx" |
+| control.service.annotations | object | `{}` | Control annotations |
+| control.service.externalIPs | list | `[]` | IPs for which nodes in the cluster will also accept traffic for the servic |
+| control.service.ip | string | `"127.0.0.1"` | which ip to listen on for Apache APISIX Control API |
+| control.service.port | int | `9090` | which port to use for Apache APISIX Control API |
+| control.service.servicePort | int | `9090` | Service port to use for Apache APISIX Control API |
+| control.service.type | string | `"ClusterIP"` | Control service type |
 | customPlugins | object | `{"enabled":false,"luaPath":"/opts/custom_plugins/?.lua","plugins":[{"attrs":{},"configMap":{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"},"name":"plugin-name"}]}` | customPlugins allows you to mount your own HTTP plugins. |
 | customPlugins.enabled | bool | `false` | Whether to configure some custom plugins |
 | customPlugins.luaPath | string | `"/opts/custom_plugins/?.lua"` | the lua_path that tells APISIX where it can find plugins, note the last ';' is required. |

charts/apisix/templates/_pod.tpl

@@ -99,6 +99,11 @@ spec:
           containerPort: {{ .Values.admin.port }}
           protocol: TCP
         {{- end }}
+        {{- if .Values.control.enabled }}
+        - name: control
+          containerPort: {{ .Values.control.service.port }}
+          protocol: TCP
+        {{- end }}
         {{- if .Values.serviceMonitor.enabled }}
         - name: prometheus
           containerPort: {{ .Values.serviceMonitor.containerPort }}

charts/apisix/templates/configmap.yaml

@@ -64,6 +64,13 @@ data:
       extra_lua_path: {{ .Values.customPlugins.luaPath }};{{ .Values.apisix.luaModuleHook.luaPath }}
       {{- end }}
 
+      enable_control: {{ .Values.control.enabled }}
+      {{- if .Values.control.enabled }}
+      control:
+        ip: {{ default "127.0.0.1" .Values.control.service.ip }}
+        port: {{ default 9090 .Values.control.service.port }}
+      {{- end }}
+
       {{- if .Values.apisix.luaModuleHook.enabled }}
       lua_module_hook: {{ .Values.apisix.luaModuleHook.hookPoint | quote }}
       {{- end }}

charts/apisix/templates/ingress-control.yaml

@@ -0,0 +1,76 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if (and .Values.control.enabled .Values.control.ingress.enabled) -}}
+{{- $fullName := include "apisix.fullname" . -}}
+{{- $svcPort := .Values.control.servicePort -}}
+{{- if and .Values.control.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.control.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.control.ingress.annotations "kubernetes.io/ingress.class" .Values.control.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.Version }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-control
+  labels:
+    {{- include "apisix.labels" . | nindent 4 }}
+  {{- with .Values.control.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.control.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.control.ingress.className }}
+  {{- end }}
+  {{- if .Values.control.ingress.tls }}
+  tls:
+    {{- range .Values.control.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.control.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ . }}
+            {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.Version }}
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: {{ $fullName }}-control
+                port:
+                  number:  {{ $svcPort }}
+            {{- else }}
+            backend:
+              serviceName: {{ $fullName }}-control
+              servicePort: {{ $svcPort }}
+            {{- end }}
+          {{- end }}
+    {{- end }}
+  {{- end }}

charts/apisix/templates/service-control.yaml

@@ -0,0 +1,58 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ if (and .Values.apisix.enabled .Values.control.enabled) }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "apisix.fullname" . }}-control
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- range $key, $value := .Values.control.service.annotations }}
+      {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  labels:
+    {{- include "apisix.labels" . | nindent 4 }}
+    app.kubernetes.io/service: apisix-control
+spec:
+  type: {{ .Values.control.service.type }}
+  {{- if eq .Values.control.service.type "LoadBalancer" }}
+  {{- if .Values.control.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.control.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.control.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- range $cidr := .Values.control.service.loadBalancerSourceRanges }}
+  - {{ $cidr }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- if gt (len .Values.control.service.externalIPs) 0 }}
+  externalIPs:
+  {{- range $ip := .Values.control.service.externalIPs }}
+  - {{ $ip }}
+  {{- end }}
+  {{- end }}
+  ports:
+  - name: apisix-control
+    port: {{ .Values.control.service.servicePort }}
+    targetPort: {{ .Values.control.service.port }}
+  {{- if (and (eq .Values.control.service.type "NodePort") (not (empty .Values.control.service.nodePort))) }}
+    nodePort: {{ .Values.control.service.nodePort }}
+  {{- end }}
+    protocol: TCP
+  selector:
+    {{- include "apisix.selectorLabels" . | nindent 4 }}
+{{ end }}

charts/apisix/values.yaml

@@ -362,6 +362,48 @@ admin:
   #    hosts:
   #      - chart-example.local
 
+control:
+  # -- Enable Control API
+  enabled: true
+  service:
+    # -- Control annotations
+    annotations: {}
+    # -- Control service type
+    type: ClusterIP
+    # loadBalancerIP: a.b.c.d
+    # loadBalancerSourceRanges:
+    #   - "143.231.0.0/16"
+    # -- IPs for which nodes in the cluster will also accept traffic for the servic
+    externalIPs: []
+
+    # -- NodePort (only if control.service.type is NodePort)
+    # nodePort: 32000
+
+    # -- which ip to listen on for Apache APISIX Control API
+    ip: "127.0.0.1"
+    # -- which port to use for Apache APISIX Control API
+    port: 9090
+    # -- Service port to use for Apache APISIX Control API
+    servicePort: 9090
+  # -- Using ingress access Apache APISIX Control service
+  ingress:
+    enabled: false
+    # -- Ingress annotations
+    annotations:
+      {}
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    # -- Ingress Class Name
+    # className: "nginx"
+    hosts:
+      - host: apisix-control.local
+        paths:
+          - "/*"
+    tls: []
+  #  - secretName: apisix-tls
+  #    hosts:
+  #      - chart-example.local
+
 nginx:
   workerRlimitNofile: "20480"
   workerConnections: "10620"