apisix部署
使用k8s部署前打包镜像:
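# Image that runs Apache APISIX, installed from the apiseven RPM repository,
# with a JDK 8 unpacked next to it. Built before the Kubernetes deployment.
#
# NOTE(review): CentOS 7 reached end of life on 2024-06-30 and no longer
# receives security updates; the el7 RPM installed below ties the image to it.
FROM centos:7

# APISIX release to install; override with --build-arg APISIX_VERSION=<version>.
ARG APISIX_VERSION=2.11.0
LABEL apisix_version="${APISIX_VERSION}"

# Install the repository definition and the APISIX package in one layer, and
# clean the yum cache in that same layer so it is not kept in the image.
# Every continued line needs a trailing backslash; the last command must not
# have one, otherwise the following instruction is swallowed into this RUN.
# NOTE(review): an RPM installed by URL relies on HTTPS alone unless yum is
# configured to verify signatures for such packages (localpkg_gpgcheck) - confirm.
RUN yum install -y https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm \
    && yum install -y https://repos.apiseven.com/packages/centos/7/x86_64/apisix-${APISIX_VERSION}-0.el7.x86_64.rpm \
    && yum clean all

WORKDIR /usr/local/apisix

# ADD rather than COPY is deliberate: it unpacks the local JDK tarball into
# /opt (expected to produce the /opt/jdk1.8.0_311 directory used as JAVA_HOME).
ADD jdk-8u311-linux-x64.tar.gz /opt/

# 9080 = HTTP traffic (node_listen), 9443 = HTTPS (ssl.listen_port),
# 9180 = Admin API (port_admin), as set in the config.yaml on this page.
# EXPOSE is documentation only; keep 9180 off any externally reachable Service.
EXPOSE 9080 9443 9180

ENV JAVA_HOME=/opt/jdk1.8.0_311
# Append the JDK binaries to the existing search path.
ENV PATH=$PATH:$JAVA_HOME/bin/

# NOTE(review): no USER is set, so the container process starts as root.
# Exec (JSON) form requires plain ASCII double quotes. The shell is needed to
# chain the two init steps; `exec` then replaces it with openresty so the
# server runs as PID 1 and receives SIGTERM from the container runtime.
CMD ["sh", "-c", "/usr/bin/apisix init && /usr/bin/apisix init_etcd && exec /usr/local/openresty/bin/openresty -p /usr/local/apisix -g 'daemon off;'"]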
config.yaml:
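# APISIX configuration, restored to one key per line with YAML nesting.
apisix:
  node_listen: 9080                # APISIX listening port
  enable_heartbeat: true
  enable_admin: true
  enable_admin_cors: true
  enable_debug: false
  enable_dev_mode: false           # Sets nginx worker_processes to 1 if set to true
  enable_reuseport: true           # Enable nginx SO_REUSEPORT switch if set to true.
  enable_ipv6: true
  config_center: etcd              # etcd: use etcd to store the config value
                                   # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`

  #proxy_protocol:                 # Proxy Protocol configuration
  #  listen_http_port: 9181        # The port with proxy protocol for http, it differs from node_listen and port_admin.
                                   # This port can only receive http request with proxy protocol, but node_listen & port_admin
                                   # can only receive http request. If you enable proxy protocol, you must use this port to
                                   # receive http request with proxy protocol
  #  listen_https_port: 9182       # The port with proxy protocol for https
  #  enable_tcp_pp: true           # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
  #  enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server

  proxy_cache:                     # Proxy Caching configuration
    cache_ttl: 10s                 # The default caching time if the upstream does not specify the cache time
    zones:                         # The parameters of a cache
      - name: disk_cache_one       # The name of the cache; the administrator can specify
                                   # which cache to use by name in the admin api
        memory_size: 50m           # The size of shared memory, it's used to store the cache index
        disk_size: 1G              # The size of disk, it's used to store the cache data
        disk_path: "/tmp/disk_cache_one" # The path to store the cache data
        cache_levels: "1:2"        # The hierarchy levels of a cache
      # - name: disk_cache_two
      #   memory_size: 50m
      #   disk_size: 1G
      #   disk_path: "/tmp/disk_cache_two"
      #   cache_levels: "1:2"

  # Source addresses allowed to call the Admin API.
  # Keep this list as narrow as possible; widening it exposes the Admin API
  # to every host in the added range.
  allow_admin:                     # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
    - 127.0.0.1/24
  #   - "::/64"
  port_admin: 9180

  # Default token when use API to call for Admin API.
  # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
  # Disabling this configuration item means that the Admin API does not
  # require any authentication.
  # NOTE(review): the two keys below are the values shipped in APISIX's default
  # configuration and are publicly known. Generate unique secrets and supply
  # them at deploy time (for example from a Kubernetes Secret) instead of
  # keeping them in the image or in a published file.
  admin_key:
    # admin: can everything for configuration data
    - name: "admin"
      key: edd1c9f034335f136f87ad84b625c8f1
      role: admin
    # viewer: only can view configuration data
    - name: "viewer"
      key: 4054f7cf07e344346cd3f287985e76a2
      role: viewer

  router:
    http: 'radixtree_uri'          # radixtree_uri: match route by uri(base on radixtree)
                                   # radixtree_host_uri: match route by host + uri(base on radixtree)
    ssl: 'radixtree_sni'           # radixtree_sni: match route by SNI(base on radixtree)

  # dns_resolver:
  #   - 127.0.0.1
  #   - 172.20.0.10
  #   - 114.114.114.114
  #   - 223.5.5.5
  #   - 1.1.1.1
  #   - 8.8.8.8
  #dns_resolver_valid: 30
  resolver_timeout: 5

  ssl:
    enable: false
    enable_http2: true
    listen_port: 9443
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996), and the cipher
    # list still carries CBC/SHA-1 and 3DES (DES-CBC3-SHA) suites. Trim both
    # before setting `enable: true`, unless legacy clients must be supported.
    ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
    ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"

nginx_config:                      # config for rendering the template to generate nginx.conf
  error_log: "/usr/local/apisix/logs/error.log"
  error_log_level: "warn"          # warn,error
  worker_rlimit_nofile: 20480      # the number of files a worker process can open, should be larger than worker_connections
  event:
    worker_connections: 10620
  http:
    access_log: "/usr/local/apisix/logs/access.log"
    keepalive_timeout: 60s         # timeout during which a keep-alive client connection will stay open on the server side.
    client_header_timeout: 60s     # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
    client_body_timeout: 60s       # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
    send_timeout: 10s              # timeout for transmitting a response to the client, then the connection is closed
    underscores_in_headers: "on"   # default enables the use of underscores in client request header fields
    real_ip_header: "X-Real-IP"    # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
    real_ip_from:                  # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
      - 127.0.0.1
      - 'unix:'

etcd:
  host:                            # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
    # For an etcd running inside the k8s cluster use the service DNS name as
    # below; for a self-hosted etcd use its IP and port directly.
    # NOTE(review): this endpoint is plain HTTP and no etcd credentials are
    # configured here. etcd holds the whole gateway configuration, so limit
    # who can reach it (network policy) or enable TLS and authentication.
    - "http://apisix-etcd.default.svc.cluster.local:2379"
  prefix: "/apisix"                # apisix configurations prefix
  timeout: 30                      # 30 seconds

# NOTE(review): every plugin listed here can be attached to a route through
# the Admin API. serverless-pre-function / serverless-post-function run Lua
# supplied in the route configuration; remove plugins that are not needed.
plugins:                           # plugin list
  - api-breaker
  - authz-keycloak
  - basic-auth
  - batch-requests
  - consumer-restriction
  - cors
  - echo
  - fault-injection
  - grpc-transcode
  - hmac-auth
  - http-logger
  - ip-restriction
  - ua-restriction
  - jwt-auth
  - kafka-logger
  - key-auth
  - limit-conn
  - limit-count
  - limit-req
  - node-status
  - openid-connect
  - authz-casbin
  - prometheus
  - proxy-cache
  - proxy-mirror
  - proxy-rewrite
  - redirect
  - referer-restriction
  - request-id
  - request-validation
  - response-rewrite
  - serverless-post-function
  - serverless-pre-function
  - sls-logger
  - syslog
  - tcp-logger
  - udp-logger
  - uri-blocker
  - wolf-rbac
  - zipkin
  - server-info
  - traffic-split
  - gzip
  - real-ip

stream_plugins:
  - mqtt-proxy
  - ip-restriction
  - limit-conn

plugin_attr:
  server-info:
    report_interval: 60
    report_ttl: 3600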