[bitnami/apisix] support apisix http3 feature #25554

Closed
NiuBlibing opened this issue May 6, 2024 · 4 comments
@NiuBlibing

Name and Version

bitnami/apisix 3.0.3

What is the problem this feature will solve?

Add a parameter to enable the http3 feature for apisix.

What is the feature you are proposing to solve the problem?

Like apisix-helm-chart

  ssl:
    enabled: false
    containerPort: 9443
    # -- Support multiple https ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L99)
    additionalContainerPorts: []
      # - ip: 127.0.0.3           # Specific IP, If not set, the default value is `0.0.0.0`.
      #   port: 9445
      #   enable_http3: true
    # -- Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd)
    existingCASecret: ""
    # -- Filename be used in the apisix.ssl.existingCASecret
    certCAFilename: ""
    enableHTTP3: false
    # -- TLS protocols allowed to use.
    sslProtocols: "TLSv1.2 TLSv1.3"
    # -- Define SNI to fallback if none is presented by client
    fallbackSNI: ""

What alternatives have you considered?

No response

@github-actions github-actions bot added the triage label May 6, 2024
@javsalgar javsalgar changed the title support apisix http3 feature [bitnami/apisix] support apisix http3 feature May 6, 2024
@javsalgar
Contributor

Hi,

The full apisix configuration is exposed in the values.yaml file. Did you try checking it as stated in the apisix upstream documentation?

@NiuBlibing
Author

It seems that http3 was added recently, and I didn't find it in bitnami.

  defaultConfig: |
    {{- if .Values.dataPlane.metrics.enabled }}
    plugin_attr:
      prometheus:
        export_uri: /apisix/prometheus/metrics
        metric_prefix: apisix_
        enable_export_server: true
        export_addr:
          ip: 0.0.0.0
          port: {{ .Values.dataPlane.containerPorts.metrics }}
    {{- end }}
    apisix:
      node_listen: {{ .Values.dataPlane.containerPorts.http }}
      enable_admin: false
      {{- if .Values.dataPlane.tls.enabled }}
      ssl:
        enable: true
        listen:
          - port: {{ .Values.dataPlane.containerPorts.https }}
        ssl_trusted_certificate: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}
      enable_http2: true

  volumes:
    - name: config
      configMap:
        name: {{ include "apisix.data-plane.defaultConfigmapName" . }}

@javsalgar
Contributor

Could you try going to the defaultConfig values and try adding the http3 flag manually?

  ## @param dataPlane.defaultConfig [string] Apisix apisix configuration (evaluated as a template)
  ##
  defaultConfig: |
    {{- if .Values.dataPlane.metrics.enabled }}
    plugin_attr:
      prometheus:
        export_uri: /apisix/prometheus/metrics
        metric_prefix: apisix_
        enable_export_server: true
        export_addr:
          ip: 0.0.0.0
          port: {{ .Values.dataPlane.containerPorts.metrics }}
    {{- end }}
    apisix:
      node_listen: {{ .Values.dataPlane.containerPorts.http }}
      enable_admin: false
      {{- if .Values.dataPlane.tls.enabled }}
      ssl:
        enable: true
        listen:
          - port: {{ .Values.dataPlane.containerPorts.https }}
            enable_http3: true
        ssl_trusted_certificate: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}
      enable_http2: true
      {{- end }}
      control:
        ip: 0.0.0.0
        port: {{ .Values.dataPlane.containerPorts.control }}
    nginx_config:
      error_log: /dev/stderr
      stream:
        access_log: /dev/stdout
      http:
        access_log: /dev/stdout
      http_configuration_snippet: |
        proxy_buffering off;
    deployment:
      role: data_plane
      role_data_plane:
        config_provider: etcd
        {{- if .Values.controlPlane.enabled }}
        control_plane:
          host:
            - {{ ternary "https" "http" .Values.controlPlane.tls.enabled }}://{{ include "apisix.control-plane.fullname" . }}:{{ .Values.controlPlane.service.ports.configServer }}
          prefix: /apisix
          timeout: 30
        {{- end }}
      etcd:
        host:
          {{- if .Values.etcd.enabled  }}
            {{- $replicas := $.Values.etcd.replicaCount | int }}
            {{- range $i, $_e := until $replicas }}
          - {{ printf "%s://%s-%d.%s:%v" (ternary "https" "http" $.Values.etcd.auth.client.secureTransport) (include "apisix.etcd.fullname" $ ) $i (include "apisix.etcd.headlessServiceName" $) ( include "apisix.etcd.port" $ ) }}
            {{- end }}
          {{- else }}
          {{- range $node := .Values.externalEtcd.servers }}
          - {{ ternary "https" "http" $.Values.externalEtcd.secureTransport }}://{{ printf "%s:%v" $node (include "apisix.etcd.port" $) }}
          {{- end }}
          {{- end }}
        prefix: /apisix
        timeout: 30
        use_grpc: false
        startup_retry: 60
        {{- if (include "apisix.etcd.authEnabled" .) }}
        user: "{{ print "{{APISIX_ETCD_USER}}" }}"
        password: "{{ print "{{APISIX_ETCD_PASSWORD}}" }}"
        {{- end }}
      {{- if .Values.dataPlane.tls.enabled }}
      certs:
        {{- if .Values.dataPlane.tls.enabled }}
        cert: /bitnami/certs/{{ .Values.dataPlane.tls.certFilename }}
        cert_key: /bitnami/certs/{{ .Values.dataPlane.tls.certKeyFilename }}
        {{- if .Values.dataPlane.tls.certCAFilename }}
        client_ca_cert: /bitnami/certs/{{ .Values.dataPlane.tls.certCAFilename }}
        {{- end }}
        {{- end }}
      {{- end }}
    discovery:
      kubernetes:
        service:
          # apiserver schema, options [http, https]
          schema: https #default https

          # apiserver host, options [ipv4, ipv6, domain, environment variable]
          host: ${KUBERNETES_SERVICE_HOST} #default ${KUBERNETES_SERVICE_HOST}

          # apiserver port, options [port number, environment variable]
          port: ${KUBERNETES_SERVICE_PORT}  #default ${KUBERNETES_SERVICE_PORT}

        client:
          # serviceaccount token or token_file
          token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

        default_weight: 50 # weight assigned to each discovered endpoint. default 50, minimum 0

@NiuBlibing
Author

Thanks, the http3 feature could be enabled by setting defaultConfig.
enable_http3: true and ssl_protocols: TLSv1.2 TLSv1.3 are both needed.
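
A check for the two settings the last comment says are both needed, as an added example that is not part of the thread or the chart. The function name and sample dicts are hypothetical; it assumes `ssl_protocols` sits under `apisix.ssl` as in upstream APISIX configuration, and takes the `defaultConfig` already rendered by Helm and parsed from YAML.

```python
# Added example: lint a parsed APISIX config for the HTTP/3 prerequisites
# named in this thread (enable_http3 on a listener plus ssl_protocols with TLSv1.3).

def http3_findings(config):
    """Return a list of problems for listeners that set enable_http3: true."""
    ssl = (config.get("apisix") or {}).get("ssl") or {}
    listeners = ssl.get("listen") or []
    h3_ports = [l.get("port") for l in listeners
                if isinstance(l, dict) and l.get("enable_http3") is True]
    if not h3_ports:
        return []  # HTTP/3 not requested on any listener, nothing to check

    findings = []
    if ssl.get("enable") is not True:
        findings.append(f"apisix.ssl.enable is not true (HTTP/3 port(s) {h3_ports})")
    if "ssl_protocols" not in ssl:
        # Following the thread: the setting had to be given explicitly.
        findings.append(f"apisix.ssl.ssl_protocols is not set (HTTP/3 port(s) {h3_ports})")
    elif "TLSv1.3" not in str(ssl["ssl_protocols"]).split():
        findings.append(f"apisix.ssl.ssl_protocols lacks TLSv1.3 (HTTP/3 port(s) {h3_ports})")
    return findings


# Constructed sample: the listener flag alone, as in the suggested defaultConfig.
SAMPLE_FLAG_ONLY = {
    "apisix": {
        "node_listen": 9080,
        "ssl": {"enable": True, "listen": [{"port": 9443, "enable_http3": True}]},
    }
}

# Constructed sample: both settings from the closing comment.
SAMPLE_BOTH = {
    "apisix": {
        "node_listen": 9080,
        "ssl": {
            "enable": True,
            "listen": [{"port": 9443, "enable_http3": True}],
            "ssl_protocols": "TLSv1.2 TLSv1.3",
        },
    }
}

if __name__ == "__main__":
    for name, cfg in (("flag only", SAMPLE_FLAG_ONLY), ("both", SAMPLE_BOTH)):
        print(name, http3_findings(cfg) or "ok")
```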
