From 3c4ec6bde53f38aa380af1be4ca5156cf9136a80 Mon Sep 17 00:00:00 2001
From: Blake LaFleur
Date: Fri, 5 Jul 2024 12:55:57 -0500
Subject: [PATCH 1/3] Add support for configuring nginx realIp
---
 charts/apisix/templates/configmap.yaml | 8 +++++++-
 charts/apisix/values.yaml | 3 +++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 2551b187..97275b68 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -189,10 +189,16 @@ data:
 client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
 send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
 underscores_in_headers: "on" # default enables the use of underscores in client request header fields
- real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
+ real_ip_header: "{{ .Values.apisix.nginx.realIp.header }}" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
 real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
+ {{- if .Values.apisix.nginx.realIp.fromIps }}
+ {{- range $cidrs := .Values.apisix.nginx.realIp.fromIps }}
+ - {{ $cidrs }}
+ {{- end }}
+ {{- else }}
 - 127.0.0.1
 - 'unix:'
+ {{- end}}
 {{- if .Values.apisix.nginx.customLuaSharedDicts }}
 custom_lua_shared_dict: # add custom shared cache to nginx.conf
 {{- range $dict := .Values.apisix.nginx.customLuaSharedDicts }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index ffe0458f..696546be 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
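Review bot: In the configmap.yaml hunk (`@@ -189,10 +189,16 @@`) the new list item `- {{ $cidrs }}` is emitted unquoted, so an entry such as `unix:` (which the old hard-coded line wrote as `'unix:'`) renders as `- unix:` and is read as a one-key mapping rather than a string; IPv6 entries that begin with `:` have the same problem. Write the item as `- {{ $cidrs | quote }}`. `real_ip_from` lists the peers whose `real_ip_header` value nginx accepts as the client address, so an entry that is mis-parsed here changes which hop is trusted for IP-based rules and logging. The enclosing `data:` block starts and ends outside the hunk.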
@@ -369,6 +369,9 @@ apisix:
 enableCPUAffinity: true
 # -- Timeout during which a keep-alive client connection will stay open on the server side.
 keepaliveTimeout: 60s
+ realIp:
+ header: "X-Real-IP"
+ fromIps: []
 envs: []
 # access log and error log configuration
 logs:
From 33fa171081b137ae9320ec0a2846e6502ed50883 Mon Sep 17 00:00:00 2001
From: Blake LaFleur
Date: Mon, 8 Jul 2024 12:39:21 -0500
Subject: [PATCH 2/3] Add variable documentation
---
 charts/apisix/README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 06b7e036..3664a305 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -102,6 +102,8 @@ The command removes all the Kubernetes components associated with the chart and
 | apisix.nginx.logs.enableAccessLog | bool | `true` | Enable access log or not, default true |
 | apisix.nginx.logs.errorLog | string | `"/dev/stderr"` | Error log path |
 | apisix.nginx.logs.errorLogLevel | string | `"warn"` | Error log level |
+| apisix.nginx.realIp.header | string | `"X-Real-IP"` | Defines the header to use for the nginx_realip_module |
+| apisix.nginx.realIp.fromIps | list | `["127.0.0.1", "unix:"]` | Defines trusted addresses for the nginx_realip_module |
 | apisix.nginx.workerConnections | string | `"10620"` | |
 | apisix.nginx.workerProcesses | string | `"auto"` | |
 | apisix.nginx.workerRlimitNofile | string | `"20480"` | |
From 3410b6c387b9cddae6d0908956999c799e4d0ff1 Mon Sep 17 00:00:00 2001
From: Blake LaFleur
Date: Mon, 8 Jul 2024 15:41:11 -0500
Subject: [PATCH 3/3] Update default IPs to be set in values.yaml instead of else condition in template
---
 charts/apisix/templates/configmap.yaml | 4 ----
 charts/apisix/values.yaml | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 97275b68..91e90f33 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
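Review bot: The `realIp`, `header` and `fromIps` keys added in the values.yaml hunk (`@@ -369,6 +369,9 @@`) carry no `# --` description, unlike `keepaliveTimeout` directly above them. If README.md is generated from those comments (the table layout suggests so, but the generator is not visible here), the two rows added by hand in patch 2/3 would be lost on the next regeneration. Suggested comments: `# -- Request header nginx takes the client address from (real_ip_header)` above `header`, and `# -- Addresses or CIDRs of trusted proxies allowed to set that header (set_real_ip_from); list only proxies you control` above `fromIps`. The `apisix.nginx` mapping starts and ends outside the hunk.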
@@ -195,10 +195,6 @@ data:
 {{- range $cidrs := .Values.apisix.nginx.realIp.fromIps }}
 - {{ $cidrs }}
 {{- end }}
- {{- else }}
- - 127.0.0.1
- - 'unix:'
- {{- end}}
 {{- if .Values.apisix.nginx.customLuaSharedDicts }}
 custom_lua_shared_dict: # add custom shared cache to nginx.conf
 {{- range $dict := .Values.apisix.nginx.customLuaSharedDicts }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 696546be..aed667d3 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -371,7 +371,7 @@ apisix:
 keepaliveTimeout: 60s
 realIp:
 header: "X-Real-IP"
- fromIps: []
+ fromIps: ["127.0.0.1", "unix:"]
 envs: []
 # access log and error log configuration
 logs:
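Review bot: Removing `{{- end}}` along with the `{{- else }}` branch in the configmap.yaml hunk (`@@ -195,10 +195,6 @@`) appears to leave the `{{- if .Values.apisix.nginx.realIp.fromIps }}` from patch 1/3 without a closing action. That `if` sits on the line just above this hunk and is not removed, and the one remaining `{{- end }}` closes the `range`. Either keep a second `{{- end }}` after the range or drop the `if` line too, since `range` over an empty list already emits nothing. With the template fallback gone, an override of `fromIps: []` renders `real_ip_from:` with no entries, so the values comment should state whether an empty list is meant to be valid.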