diff --git a/README.md b/README.md
index 3fa8834..8bd2880 100644
--- a/README.md
+++ b/README.md
@@ -9,3 +9,4 @@ Detailed instructions are enrolled in the README of each chart.
 * [api7-control-plane](./charts/api7/README.md)
 * [api7-gateway](./charts/gateway/README.md)
 * [api7-ingress-controller](./charts/ingress-controller/README.md)
+* [aisix](./charts/aisix/README.md)
diff --git a/charts/aisix/.helmignore b/charts/aisix/.helmignore
new file mode 100644
index 0000000..56e6584
--- /dev/null
+++ b/charts/aisix/.helmignore
@@ -0,0 +1,13 @@
+# Patterns to ignore when building packages.
+.DS_Store
+.git/
+.gitignore
+.gitmodules
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+.vscode/
+*.tmproj
+.idea/
diff --git a/charts/aisix/Chart.lock b/charts/aisix/Chart.lock
new file mode 100644
index 0000000..e78307d
--- /dev/null
+++ b/charts/aisix/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: etcd
+ repository: https://charts.bitnami.com/bitnami
+ version: 8.7.7
+digest: sha256:c03ff5323e855335d94ce6cfce35745b84d03538dbb197e1a27520a7d69ea3ef
+generated: "2026-04-15T17:14:56.064889296+08:00"
diff --git a/charts/aisix/Chart.yaml b/charts/aisix/Chart.yaml
new file mode 100644
index 0000000..b454f74
--- /dev/null
+++ b/charts/aisix/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: aisix
+description: A Helm chart for AISIX AI Gateway
+
+type: application
+
+version: 0.1.0
+
+appVersion: "0.1.0"
+
+maintainers:
+ - name: API7
+ email: support@api7.ai
+ url: https://api7.ai
+
+dependencies:
+ - name: etcd
+ version: 8.7.7
+ repository: https://charts.bitnami.com/bitnami
+ condition: etcd.enabled
diff --git a/charts/aisix/README.md b/charts/aisix/README.md
new file mode 100644
index 0000000..f6f566a
--- /dev/null
+++ b/charts/aisix/README.md
@@ -0,0 +1,70 @@
+# AISIX Helm Chart
+
+A Helm chart for [AISIX](https://github.com/api7/aisix) — an open-source, high-performance AI Gateway and LLM proxy built in Rust.
+
+## Prerequisites
+
+- Kubernetes 1.21+
+- Helm 3.7+
+
+## Installing the Chart
+
+```bash
+helm repo add api7 https://charts.api7.ai
+helm repo update
+
+# Recommended: use an existing Secret for the admin key
+kubectl create secret generic aisix-admin-secret \
+ --from-literal=admin-key=
+
+helm install my-aisix api7/aisix \
+ --set deployment.admin.existingSecret=aisix-admin-secret
+```
+
+## Uninstalling the Chart
+
+```bash
+helm uninstall my-aisix
+```
+
+## Configuration
+
+The following table lists the key configurable parameters. See `values.yaml` for the full list.
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `image.repository` | AISIX image repository | `ghcr.io/api7/aisix` |
+| `image.tag` | AISIX image tag | `0.1.0` |
+| `replicaCount` | Number of replicas | `1` |
+| `deployment.admin.adminKey` | Admin API key (used to create an internal Secret) | `[{key: "changeme"}]` |
+| `deployment.admin.existingSecret` | Existing Secret for admin key (overrides adminKey) | `""` |
+| `deployment.etcd.host` | External etcd hosts (when `etcd.enabled=false`) | `["http://etcd.host:2379"]` |
+| `deployment.etcd.prefix` | etcd key prefix | `/aisix` |
+| `gateway.type` | Proxy Service type | `NodePort` |
+| `gateway.servicePort` | Proxy Service port | `3000` |
+| `gateway.ingress.enabled` | Enable Ingress for proxy | `false` |
+| `admin.enabled` | Enable admin Service and port | `true` |
+| `admin.type` | Admin Service type | `ClusterIP` |
+| `admin.servicePort` | Admin Service port | `3001` |
+| `admin.ingress.enabled` | Enable Ingress for admin | `false` |
+| `etcd.enabled` | Install bundled etcd | `false` |
+| `autoscaling.enabled` | Enable HPA | `false` |
+
+## Using an Existing Secret for the Admin Key
+
+```bash
+kubectl create secret generic 
aisix-admin-secret \
+ --from-literal=admin-key=
+
+helm install my-aisix api7/aisix \
+ --set deployment.admin.existingSecret=aisix-admin-secret
+```
+
+## Using an External etcd
+
+```bash
+helm install my-aisix api7/aisix \
+ --set etcd.enabled=false \
+ --set "deployment.etcd.host[0]=http://my-etcd:2379" \
+ --set deployment.admin.existingSecret=aisix-admin-secret
+```
diff --git a/charts/aisix/charts/etcd-8.7.7.tgz b/charts/aisix/charts/etcd-8.7.7.tgz
new file mode 100644
index 0000000..5f68f5d
Binary files /dev/null and b/charts/aisix/charts/etcd-8.7.7.tgz differ
diff --git a/charts/aisix/templates/NOTES.txt b/charts/aisix/templates/NOTES.txt
new file mode 100644
index 0000000..ed2fab8
--- /dev/null
+++ b/charts/aisix/templates/NOTES.txt
@@ -0,0 +1,37 @@
+AISIX has been installed. Check its status by running:
+ kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/name={{ include "aisix.name" . }}"
+
+1. Get the Proxy API URL:
+{{- if .Values.gateway.ingress.enabled }}
+{{- range .Values.gateway.ingress.hosts }}
+ http{{ if $.Values.gateway.ingress.tls }}s{{ end }}://{{ .host }}
+{{- end }}
+{{- else if eq .Values.gateway.type "NodePort" }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "aisix.fullname" . }}-gateway)
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "Proxy API: http://$NODE_IP:$NODE_PORT"
+{{- else if eq .Values.gateway.type "LoadBalancer" }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "aisix.fullname" . }}-gateway --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo "Proxy API: http://$SERVICE_IP:{{ .Values.gateway.servicePort }}"
+{{- else }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aisix.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000:{{ .Values.gateway.containerPort }}
+ echo "Proxy API: http://127.0.0.1:3000"
+{{- end }}
+
+2. Get the Admin UI URL:
+{{- if .Values.admin.enabled }}
+{{- if .Values.admin.ingress.enabled }}
+{{- range .Values.admin.ingress.hosts }}
+ http{{ if $.Values.admin.ingress.tls }}s{{ end }}://{{ .host }}/ui
+{{- end }}
+{{- else }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aisix.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3001:{{ .Values.admin.containerPort }}
+ echo "Admin UI: http://127.0.0.1:3001/ui"
+ echo "Admin API: http://127.0.0.1:3001/aisix/admin"
+{{- end }}
+{{- else }}
+ Admin service is disabled. Enable it with --set admin.enabled=true
+{{- end }}
diff --git a/charts/aisix/templates/_helpers.tpl b/charts/aisix/templates/_helpers.tpl
new file mode 100644
index 0000000..c3b24fb
--- /dev/null
+++ b/charts/aisix/templates/_helpers.tpl
@@ -0,0 +1,92 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aisix.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aisix.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aisix.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "aisix.labels" -}}
+helm.sh/chart: {{ include "aisix.chart" . }}
+{{ include "aisix.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "aisix.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aisix.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aisix.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "aisix.fullname" .) 
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Scheme to use while connecting etcd
+*/}}
+{{- define "aisix.etcd.scheme" -}}
+{{- if .Values.etcd.auth.tls.enabled }}
+{{- "https" }}
+{{- else }}
+{{- "http" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Etcd host URL(s) to inject into config.yaml.
+When etcd subchart is enabled, construct the in-cluster FQDN automatically.
+When disabled, use the user-supplied deployment.etcd.host list.
+*/}}
+{{- define "aisix.etcd.hosts" -}}
+{{- if .Values.etcd.enabled }}
+{{- $scheme := include "aisix.etcd.scheme" . }}
+{{- if .Values.etcd.fullnameOverride }}
+- "{{ $scheme }}://{{ .Values.etcd.fullnameOverride }}:{{ .Values.etcd.service.port }}"
+{{- else }}
+- "{{ $scheme }}://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.etcd.service.port }}"
+{{- end }}
+{{- else }}
+{{- toYaml .Values.deployment.etcd.host }}
+{{- end }}
+{{- end }}
diff --git a/charts/aisix/templates/configmap.yaml b/charts/aisix/templates/configmap.yaml
new file mode 100644
index 0000000..8c82f02
--- /dev/null
+++ b/charts/aisix/templates/configmap.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "aisix.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+data:
+ config.yaml: |-
+ deployment:
+ etcd:
+ host:
+ {{- include "aisix.etcd.hosts" . | nindent 10 }}
+ prefix: {{ .Values.deployment.etcd.prefix | quote }}
+ timeout: {{ .Values.deployment.etcd.timeout }}
+ admin:
+ admin_key:
+ - key: "{{"{{"}}AISIX_ADMIN_KEY{{"}}"}}"
+
+ server:
+ proxy:
+ listen: "{{ .Values.gateway.ip }}:{{ .Values.gateway.containerPort }}"
+ tls:
+ enabled: false
+ admin:
+ listen: "{{ .Values.admin.ip }}:{{ .Values.admin.containerPort }}"
diff --git a/charts/aisix/templates/deployment.yaml b/charts/aisix/templates/deployment.yaml
new file mode 100644
index 0000000..2bb7f07
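Review bot: In `aisix.etcd.scheme`, switching the URL to `https` is the only effect `etcd.auth.tls.enabled` has on the AISIX side in this commit: none of the AISIX templates added here reads `etcd.auth.tls.existingSecret`, `certFilename`, `certKeyFilename`, `verify` or `sni`, and `etcd.auth.rbac.rootPassword` is not handed to the gateway either. Enabling TLS or RBAC on the bundled etcd would therefore presumably leave the gateway with no client certificate, no CA to validate the server against and no credentials (what the subchart itself consumes is not visible here). Either render these values into config.yaml and mount the certificate Secret in the Deployment, or state in the values comments that they are not yet consumed by AISIX. `aisix.etcd.hosts` also hard-codes `svc.cluster.local`, which does not hold on clusters with a custom cluster domain.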
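Review bot: The final `admin:` / `listen:` pair in config.yaml (apparently `server.admin.listen`) is rendered unconditionally, so `admin.enabled=false` drops the Service, the Ingress and the container port declaration while the process is still told to listen on `admin.ip`, which defaults to `0.0.0.0`, and stays reachable on the pod IP from inside the cluster. If AISIX accepts a config without that section (not visible here), wrap it in `{{- if .Values.admin.enabled }}` … `{{- end }}`; otherwise render `127.0.0.1` as the listen address when the admin service is disabled and say so in the values comment. Separately, `timeout: {{ .Values.deployment.etcd.timeout }}` renders an empty value when the key is unset; `{{ .Values.deployment.etcd.timeout | default 30 }}` would keep the documented default.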
--- /dev/null
+++ b/charts/aisix/templates/deployment.yaml
@@ -0,0 +1,132 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "aisix.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "aisix.selectorLabels" . | nindent 6 }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "aisix.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range $.Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: {{ include "aisix.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.extraInitContainers }}
+ initContainers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: aisix
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . 
| nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: proxy
+ containerPort: {{ .Values.gateway.containerPort }}
+ protocol: TCP
+ {{- if .Values.admin.enabled }}
+ - name: admin
+ containerPort: {{ .Values.admin.containerPort }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.livenessProbe }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ {{- if .Values.timezone }}
+ - name: TZ
+ value: {{ .Values.timezone | quote }}
+ {{- end }}
+ - name: RUST_LOG
+ value: "info"
+ - name: AISIX_ADMIN_KEY
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.deployment.admin.existingSecret }}
+ name: {{ .Values.deployment.admin.existingSecret }}
+ key: {{ .Values.deployment.admin.existingSecretKey }}
+ {{- else }}
+ name: {{ include "aisix.fullname" . }}-admin-key
+ key: admin-key
+ {{- end }}
+ {{- with .Values.extraEnvVars }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - name: aisix-config
+ mountPath: /etc/aisix/config.yaml
+ subPath: config.yaml
+ readOnly: true
+ {{- with .Values.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumes:
+ - name: aisix-config
+ configMap:
+ name: {{ include "aisix.fullname" . }}
+ {{- with .Values.extraVolumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . 
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/aisix/templates/hpa.yaml b/charts/aisix/templates/hpa.yaml
new file mode 100644
index 0000000..683cce5
--- /dev/null
+++ b/charts/aisix/templates/hpa.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/{{ .Values.autoscaling.version }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "aisix.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "aisix.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if eq .Values.autoscaling.version "v2" }}
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- else }}
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
+{{- end }}
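Review bot: The `AISIX_ADMIN_KEY` env entry always takes a `secretKeyRef`, falling back to `<fullname>-admin-key` when `deployment.admin.existingSecret` is empty, but secret.yaml in this commit creates that Secret only when `admin.enabled` is also true. Installing with `admin.enabled=false` and no existing Secret therefore leaves the pod referencing a Secret that was never created, and the container cannot start. Making the condition in secret.yaml `{{- if not .Values.deployment.admin.existingSecret }}` keeps the two templates in step. The pod template also carries a checksum for the ConfigMap only, so a changed admin key in the chart-managed Secret does not roll the pods; a `checksum/secret` annotation built the same way would cover that.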
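Review bot: `apiVersion: autoscaling/{{ .Values.autoscaling.version }}` accepts any string, and the `else` branch emits the `v2beta1` metric shape, an API that was removed in Kubernetes 1.25 while the chart README advertises 1.21+. Selecting the version from the cluster, for example `{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}`, avoids a values setting that can silently stop applying after a cluster upgrade. `metrics:` is also written even when both utilization targets are unset, which renders an empty key; guarding it with the same conditions keeps the manifest valid.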
diff --git a/charts/aisix/templates/ingress-admin.yaml b/charts/aisix/templates/ingress-admin.yaml
new file mode 100644
index 0000000..af07ec1
--- /dev/null
+++ b/charts/aisix/templates/ingress-admin.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.admin.enabled .Values.admin.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "aisix.fullname" . }}-admin
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+ {{- with .Values.admin.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.admin.ingress.tls }}
+ tls:
+ {{- toYaml .Values.admin.ingress.tls | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- range .Values.admin.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "aisix.fullname" $ }}-admin
+ port:
+ number: {{ $.Values.admin.servicePort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/aisix/templates/ingress.yaml b/charts/aisix/templates/ingress.yaml
new file mode 100644
index 0000000..6394f3a
--- /dev/null
+++ b/charts/aisix/templates/ingress.yaml
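Review bot: With `admin.ingress.enabled=true` and the default `tls: []`, this Ingress publishes `/ui` and `/aisix/admin` over plain HTTP, so an admin key sent by a client would cross the network unencrypted (assuming the Admin API authenticates each request with that key, which is not visible here). The values comment for `admin.ingress` should say that TLS is expected whenever the admin Ingress is on, or the template can refuse to render without it via `{{- if not .Values.admin.ingress.tls }}{{ fail "admin.ingress.tls is required when admin.ingress.enabled is true" }}{{- end }}`. In both this file and ingress.yaml, `path: {{ . }}` should be `path: {{ . | quote }}`, and neither template sets `spec.ingressClassName`, leaving class selection to the annotation shown in the values comments.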
@@ -0,0 +1,33 @@
+{{- if .Values.gateway.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "aisix.fullname" . }}-gateway
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+ {{- with .Values.gateway.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.gateway.ingress.tls }}
+ tls:
+ {{- toYaml .Values.gateway.ingress.tls | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- range .Values.gateway.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "aisix.fullname" $ }}-gateway
+ port:
+ number: {{ $.Values.gateway.servicePort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/aisix/templates/secret.yaml b/charts/aisix/templates/secret.yaml
new file mode 100644
index 0000000..906e70d
--- /dev/null
+++ b/charts/aisix/templates/secret.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.admin.enabled (not .Values.deployment.admin.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "aisix.fullname" . }}-admin-key
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+ admin-key: {{ (index .Values.deployment.admin.adminKey 0).key | quote }}
+{{- end }}
diff --git a/charts/aisix/templates/service-admin.yaml b/charts/aisix/templates/service-admin.yaml
new file mode 100644
index 0000000..9dcabcd
--- /dev/null
+++ b/charts/aisix/templates/service-admin.yaml
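Review bot: In secret.yaml the `admin-key` value comes straight from `deployment.admin.adminKey[0].key`, whose default in values.yaml is the published string `changeme`, so an install that sets neither that value nor `existingSecret` runs the Admin API behind a key anyone can read in the chart. Shipping an empty default and failing the render when no key is supplied closes that gap: `admin-key: {{ required "set deployment.admin.adminKey[0].key or deployment.admin.existingSecret" (index .Values.deployment.admin.adminKey 0).key | quote }}`. Only the first list entry is used, and an empty `adminKey` list makes `index` fail with an unhelpful template error, so the values comment should say that exactly one entry is read.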
@@ -0,0 +1,23 @@
+{{- if .Values.admin.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "aisix.fullname" . }}-admin
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+ app.kubernetes.io/service: aisix-admin
+ {{- with .Values.admin.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.admin.type }}
+ ports:
+ - name: admin
+ port: {{ .Values.admin.servicePort }}
+ targetPort: admin
+ protocol: TCP
+ selector:
+ {{- include "aisix.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/aisix/templates/service-proxy.yaml b/charts/aisix/templates/service-proxy.yaml
new file mode 100644
index 0000000..b2842d8
--- /dev/null
+++ b/charts/aisix/templates/service-proxy.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "aisix.fullname" . }}-gateway
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+ app.kubernetes.io/service: aisix-gateway
+ {{- with .Values.gateway.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.gateway.type }}
+ {{- if or (eq .Values.gateway.type "NodePort") (eq .Values.gateway.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.gateway.externalTrafficPolicy }}
+ {{- end }}
+ {{- if gt (len .Values.gateway.externalIPs) 0 }}
+ externalIPs:
+ {{- range .Values.gateway.externalIPs }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: proxy
+ port: {{ .Values.gateway.servicePort }}
+ targetPort: proxy
+ protocol: TCP
+ {{- if and (eq .Values.gateway.type "NodePort") (not (empty .Values.gateway.nodePort)) }}
+ nodePort: {{ .Values.gateway.nodePort }}
+ {{- end }}
+ selector:
+ {{- include "aisix.selectorLabels" . | nindent 4 }}
diff --git a/charts/aisix/templates/serviceaccount.yaml b/charts/aisix/templates/serviceaccount.yaml
new file mode 100644
index 0000000..80bb2d7
--- /dev/null
+++ b/charts/aisix/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "aisix.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aisix.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/aisix/values.yaml b/charts/aisix/values.yaml
new file mode 100644
index 0000000..822e03c
--- /dev/null
+++ b/charts/aisix/values.yaml
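Review bot: Neither this ServiceAccount nor the pod spec in deployment.yaml sets `automountServiceAccountToken`, so every AISIX pod gets a Kubernetes API token mounted, including the namespace `default` account that is used when `serviceAccount.create` is false. Nothing in the templates of this commit suggests the gateway calls the Kubernetes API, so, if that holds, adding `automountServiceAccountToken: false` to the pod spec (or a `serviceAccount.automount` value defaulting to false) removes a credential the workload does not need. Defaulting `serviceAccount.create` to true would also keep the gateway off the shared `default` account.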
@@ -0,0 +1,193 @@
+global:
+ # e.g.
+ # imagePullSecrets:
+ # - my-registry-secrets
+ # -- Global Docker registry secret names as an array
+ imagePullSecrets: []
+
+image:
+ # -- AISIX image repository
+ repository: ghcr.io/api7/aisix
+ # -- AISIX image pull policy
+ pullPolicy: IfNotPresent
+ # -- AISIX image tag; overrides the chart appVersion
+ tag: "0.1.0"
+
+# -- Number of AISIX replicas
+replicaCount: 1
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: false
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use.
+ name: ""
+
+# -- Annotations to add to the pod
+podAnnotations: {}
+# -- Labels to add to the pod
+podLabels: {}
+# -- Set the securityContext for AISIX pods
+podSecurityContext: {}
+# -- Set the securityContext for AISIX container
+securityContext: {}
+
+# -- Set pod resource requests & limits
+resources: {}
+ # limits:
+ # cpu: 500m
+ # memory: 512Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# -- Node labels for pod assignment
+nodeSelector: {}
+# -- List of node taints to tolerate
+tolerations: []
+# -- Set affinity for deploy
+affinity: {}
+
+updateStrategy: {}
+ # type: RollingUpdate
+
+autoscaling:
+ enabled: false
+ # -- HPA version, the value is "v2" or "v2beta1", default "v2"
+ version: v2
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 80
+ targetMemoryUtilizationPercentage: 80
+
+# -- Additional volumes
+extraVolumes: []
+# -- Additional volume mounts
+extraVolumeMounts: []
+# -- Additional init containers
+extraInitContainers: []
+
+# -- Additional environment variables
+extraEnvVars: []
+extraEnvVarsCM: ""
+extraEnvVarsSecret: ""
+
+# -- timezone for the container, e.g. "UTC" or "Asia/Shanghai"
+timezone: ""
+
+# AISIX deployment configuration — rendered into /etc/aisix/config.yaml
+deployment:
+ etcd:
+ # -- List of etcd hosts. 
Ignored when etcd.enabled is true (auto-constructed).
+ host:
+ - "http://etcd.host:2379"
+ # -- Key prefix used by aisix in etcd
+ prefix: /aisix
+ # -- etcd request timeout in seconds
+ timeout: 30
+ admin:
+ # -- Admin API key. Used to create an internal Secret when existingSecret is not set.
+ # WARNING: change this before deploying to production.
+ adminKey:
+ - key: "changeme"
+ # -- Name of an existing Secret that contains an admin key field.
+ # If set, adminKey above is ignored and the key is read from the Secret.
+ existingSecret: ""
+ # -- Key inside the existing Secret that holds the admin key value
+ existingSecretKey: "admin-key"
+
+# -- AISIX proxy service settings (port 3000) — user traffic
+gateway:
+ # -- proxy service type
+ type: NodePort
+ # -- Setting how the Service route external traffic
+ externalTrafficPolicy: Cluster
+ # -- IPs for which nodes in the cluster will also accept traffic for the service
+ externalIPs: []
+ # -- which ip to listen on for the proxy service
+ ip: 0.0.0.0
+ # -- Service port
+ servicePort: 3000
+ # -- Container port
+ containerPort: 3000
+ # -- Optional static nodePort (only relevant when type is NodePort)
+ nodePort: ""
+ annotations: {}
+ # -- Using ingress access AISIX proxy service
+ ingress:
+ enabled: false
+ # -- Ingress annotations
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: aisix.local
+ paths:
+ - "/"
+ tls: []
+
+# -- AISIX admin service settings (port 3001) — Admin API and UI
+admin:
+ # -- Enable admin service
+ enabled: true
+ # -- admin service type
+ type: ClusterIP
+ # -- which ip to listen on for the admin service
+ ip: 0.0.0.0
+ # -- Service port
+ servicePort: 3001
+ # -- Container port
+ containerPort: 3001
+ annotations: {}
+ # -- Using ingress access AISIX admin service
+ ingress:
+ enabled: false
+ # -- Ingress annotations
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ 
- host: aisix-admin.local
+ paths:
+ - "/ui"
+ - "/aisix/admin"
+ tls: []
+
+# -- Kubernetes liveness probe override
+livenessProbe: {}
+# -- Kubernetes readiness probe override
+readinessProbe: {}
+
+# -- etcd subchart (bitnami/etcd)
+etcd:
+ # -- Install etcd as a subchart. Set false to use an external etcd.
+ enabled: false
+ image:
+ repository: api7/etcd
+ auth:
+ rbac:
+ # -- No authentication by default. Enable RBAC (set create: true and configure rootPassword)
+ # for production or multi-tenant clusters to prevent unauthenticated etcd access.
+ create: false
+ # -- root password for etcd. Requires etcd.auth.rbac.create to be true.
+ rootPassword: ""
+ tls:
+ # -- enable etcd client certificate
+ enabled: false
+ # -- name of the secret contains etcd client cert
+ existingSecret: ""
+ # -- etcd client cert filename using in etcd.auth.tls.existingSecret
+ certFilename: ""
+ # -- etcd client cert key filename using in etcd.auth.tls.existingSecret
+ certKeyFilename: ""
+ # -- whether to verify the etcd endpoint certificate when setup a TLS connection to etcd
+ verify: false
+ # -- specify the TLS Server Name Indication extension, the ETCD endpoint hostname will be used when this setting is unset.
+ sni: ""
+ service:
+ port: 2379
+ replicaCount: 3
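Review bot: `podSecurityContext: {}` and `securityContext: {}` leave the gateway container on the image's defaults for user, privilege escalation, capabilities and root-filesystem writes, and the Deployment omits both blocks when they are empty. A gateway that holds provider credentials and takes external traffic is better shipped with restrictive defaults that operators relax when needed; the values below are a proposal, and `runAsNonRoot` and `readOnlyRootFilesystem` in particular need checking against the `ghcr.io/api7/aisix` image, which is not visible here. `livenessProbe: {}` and `readinessProbe: {}` likewise mean no probes are rendered by default, so a hung gateway keeps receiving traffic. The `etcd.auth.tls.verify: false` default also deserves a comment stating that certificate verification is off.

```yaml
# -- Set the securityContext for AISIX pods
podSecurityContext:
  runAsNonRoot: true  # confirm the image runs as a non-root user
  seccompProfile:
    type: RuntimeDefault
# -- Set the securityContext for AISIX container
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true  # confirm AISIX writes nothing outside mounted volumes
  capabilities:
    drop:
      - ALL
# … unchanged: resources, nodeSelector, tolerations, affinity …
```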