Closed
Description
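To make it possible to define the objects apisix needs using YAML in k8s, the following structures are defined.
If some functionality is not covered, they can be extended & modified; everyone is welcome to discuss.
Structure examples
1. ApisixRoute basic routing. Structurally similar to Ingress, which makes it easy to migrate native Ingress YAML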
apiVersion: apisix.apache.org/v1
kind: ApisixRoute                                       # apisix route
metadata:
  annotations:
    k8s.apisix.apache.org/ingress.class: apisix_group   # grouping
    k8s.apisix.apache.org/ssl-redirect: 'false'         # SSL redirect
  name: httpserverRoute
  namespace: cloud                # namespace; a single YAML can only configure backends in one namespace
spec:
  rules:
  - host: test.apisix.apache.org
    http:
      paths:
      - backend:
          serviceName: httpserver # combined with namespace => cloud/httpserver (namespace/serviceName)
          servicePort: 8080
        path: /hello*             # supports regex
        plugins:                  # plugin binding
        - httpserver-plugins      # httpserver-plugins is a custom plugin set (kind: apisixPlugin)
        - ...
      - backend:
          serviceName: httpserver # multiple routes pointing at the same service
          servicePort: 8080
        path: /ws*
Supported
- namespace, host, path, backend (service)
- path supports full and deep-prefix matching
- some annotations are supported
  - SSL redirect: k8s.apisix.apache.org/ssl-redirect: 'true' or 'false'
  - Ingress grouping: k8s.apisix.apache.org/ingress.class: string
  - Access whitelist: k8s.apisix.apache.org/whitelist-source-range: 1.2.3.4/16,4.3.2.1/8
Incompatible
- annotations: apart from those mentioned above, the other Ingress annotations are replaced by plugins via ApisixPlugins
2. Define ApisixService, corresponding to the service object in apisix
apiVersion: apisix.apache.org/v1
kind: ApisixService      # apisix service
metadata:
  name: httpserver
  namespace: cloud
spec:
  upstream: httpserver   # upstream = cloud/httpserver (namespace/upstreamName)
  port: 8080             # port number defined on the service
  plugins:               # plugin binding
  - httpserver-plugins   # httpserver-plugins is a custom plugin set (kind: apisixPlugin)
  - ...
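Supported
- binding a service to an upstream within the specified namespace
- binding the service port number
- multiple services can specify the same upstream
Validation
- service names must not be duplicated within the same namespace
3. Define ApisixUpstream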
apiVersion: apisix.apache.org/v1
kind: ApisixUpstream   # apisix upstream
metadata:
  name: httpserver     # cloud/httpserver
  namespace: cloud
spec:
  loadbalancer: roundrobin
  healthcheck:
    active:
      ...
    passive:
      ...
Supported
- automatic registration of the nodeList under an upstream;
- an upstream can define healthcheck and loadbalancer
4. Define ApisixPlugin
apiVersion: apisix.apache.org/v1
kind: ApisixPlugin           # apisix plugin
metadata:
  name: httpserver-plugins   # cloud/httpserver-plugins
  namespace: cloud
spec:
  plugins:
  - plugin: limit-conn
    enable: true
    config:
      key: value
  - plugin: cors
    enable: true
    config:
      key: value
5. ApisixSSL definition
apiVersion: apisix.apache.org/v1
kind: ApisixSSL       # apisix SSL
metadata:
  name: duiopen
spec:
  hosts:
  - asr.duiopen.com   # wildcard domains are supported, e.g. *.duiopen.com
  - tts.duiopen.com
  secret:
    all.duiopen.com   # k8s secret
6. Admission webhook
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  name: apisix-validations
webhooks:
- admissionReviewVersions:
  - v1beta1
  name: validations.apisix.apache.org
  namespaceSelector: {}
  rules:                     # admission rules
  - apiGroups:
    - apisix.apache.org
    apiVersions:
    - '*'
    operations:
    - CREATE
    - UPDATE
    resources:
    - ApisixRoutes
    - ApisixPlugins
    scope: '*'
  failurePolicy: Fail
  clientConfig:              # admission webhook
    service:
      namespace: apisix
      name: apisix-ingress-controller
      path: '/validate'
      port: 80
    caBundle: 'jjyy'
  sideEffects: Unknown
  timeoutSeconds: 30
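
An added example, not part of the original issue or the project's code: one check the /validate webhook from section 6 could apply to the whitelist-source-range annotation from section 1 before an ApisixRoute is accepted. The function name ParseWhitelist and the policy of rejecting a zero-length prefix are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// WhitelistAnnotation is the annotation key listed in section 1.
const WhitelistAnnotation = "k8s.apisix.apache.org/whitelist-source-range"

// ParseWhitelist (hypothetical helper) validates the comma-separated CIDR
// list and returns the networks that are effectively allowed, with the host
// bits masked off. Rejecting a /0 prefix is a policy assumption made here.
func ParseWhitelist(value string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, item := range strings.Split(value, ",") {
		item = strings.TrimSpace(item)
		if item == "" {
			return nil, fmt.Errorf("%s: empty entry", WhitelistAnnotation)
		}
		p, err := netip.ParsePrefix(item)
		if err != nil {
			return nil, fmt.Errorf("%s: %q is not a CIDR: %w", WhitelistAnnotation, item, err)
		}
		if p.Bits() == 0 {
			return nil, fmt.Errorf("%s: %q allows every source address", WhitelistAnnotation, item)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

func main() {
	// Sample value copied from the annotation list in section 1.
	nets, err := ParseWhitelist("1.2.3.4/16,4.3.2.1/8")
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	for _, n := range nets {
		fmt.Printf("allowed network %s (%d host bits)\n", n, n.Addr().BitLen()-n.Bits())
	}
}
```

With the sample value from the issue, the allowed networks are 1.2.0.0/16 and 4.0.0.0/8, because the host bits written in each entry are ignored.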