Commit

incorporating review comments for apisix installation and updating directory structure
ckhened committed Aug 23, 2024
1 parent db4a799 commit 5cd297d
Showing 7 changed files with 41 additions and 52 deletions.
File renamed without changes.
32 changes: 19 additions & 13 deletions helm-charts/auth-apisix/README.md
Expand Up @@ -39,31 +39,33 @@ Once the keycloak pod is up and running, access the UI through the Keycloak's No

Update the following values in values.yaml

1. Update all the entries in oidc config in apis-crd-helm/values.yaml
1. Update all the entries in oidc config pertaining to your identity provider

2. Update all the entries in API specific configs in apis-crd-helm/values.yaml
2. Update all the entries in API specific configs

## Install

```sh
cd apisix-helm
# Install apisix api gateway and ingress controller
helm install auth-apisix apisix/apisix -f values_apisix_gw.yaml --create-namespace --namespace auth-apisix

# Get dependencies (apisix helm chart)
helm dependency update
# WAIT UNTIL apisix-ingress-controller POD IS READY.

# Install apisix
helm install auth-apisix . --create-namespace --namespace auth-apisix

# WAIT UNTIL apisix-ingress-controller POD IS READY

# Apply API configs to apisix-ingress-controller
cd ../apis-crd-helm
helm install auth-apisix-crds . --namespace auth-apisix
```

## Usage

The published APIs in apisix gateway are accessible through auth-apisix-gateway kubernetes service. By default, it is a NodePort service and accessible on host through http://\<auth-apisix-gateway service name\>:\<forwarded host port\>. </br></br>
The published APIs in apisix gateway are accessible through auth-apisix-gateway kubernetes service. By default, it is a NodePort service and can be accessed as:
```sh
export NODE_PORT=$(kubectl get --namespace auth-apisix -o jsonpath="{.spec.ports[0].nodePort}" services auth-apisix-gateway)
export NODE_IP=$(kubectl get nodes --namespace auth-apisix -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT

# the autherticated endpoint published in APISIX gateway can be accessed as: http://$NODE_IP:$NODE_PORT/<published endpoint uri>

```
</br></br>
Apisix helm chart provides configs to change the service type to other options like LoadBalancer (apisix.service.type) and externalTrafficPolicy to 'local'(apisix.service.externalTrafficPolicy). These can be added in apisix-helm/values.yaml </br></br>
While accessing the published APIs, the HTTP Authorization header of the request should contain the Access token provided by Identity provider as 'Bearer \<Access Token\>' </br></br>
The access token, refresh token, userinfo and user roles can be obtained by invoking OIDC auth endpoint through UI or token endpoint through curl and providing user credentials. </br>
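
Review bot: The unchanged sentence "These can be added in apisix-helm/values.yaml" now points at a file this commit deletes. With the chart installed directly through `helm install auth-apisix apisix/apisix -f values_apisix_gw.yaml`, it should name values_apisix_gw.yaml instead, and the `apisix.` prefix on `apisix.service.type` and `apisix.service.externalTrafficPolicy` should be rechecked, since the chart is no longer pulled in as a dependency. The install command also assumes an `apisix` Helm repository is already configured; if no earlier README step adds it, add one before this block. Small fixes in the added lines: "autherticated" should be "authenticated", and `kubectl get nodes` does not need `--namespace` because nodes are cluster-scoped.
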
Expand All @@ -75,3 +77,7 @@ The access token, refresh token, userinfo and user roles can be obtained by invo
helm uninstall auth-apisix-crds --namespace auth-apisix
helm uninstall auth-apisix --namespace auth-apisix
```
The crds installed by apisix won't be deleted by helm uninstall. Need to manually delete those crds </br>
All APISIX spicific crds can be obtained by 'kubectl get crds' | grep apisix </br>
Each crd can be manually deleted by 'kubectl delete crd/\<crd name\>' </br>
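
Review bot: In the CRD cleanup text, the quoting in "'kubectl get crds' | grep apisix" leaves the pipe outside the quoted command, so it cannot be copied as written; put `kubectl get crds | grep apisix` and `kubectl delete crd/<crd name>` in a sh fence like the uninstall commands above. "spicific" should be "specific". It is also worth stating that deleting a CRD removes every custom resource of that kind in the cluster, so this step should only be run when no other APISIX installation depends on those CRDs.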

13 changes: 0 additions & 13 deletions helm-charts/auth-apisix/apisix-helm/Chart.yaml

This file was deleted.

25 changes: 0 additions & 25 deletions helm-charts/auth-apisix/apisix-helm/values.yaml

This file was deleted.

Expand Up @@ -12,7 +12,7 @@ oidc:
# APISIX chatqna api config
chatqna:
namespace: <namespace in which your chatqna service is running>
hostname: <hostname for external access>
hostname: <'Host' HTTP header from incoming request should match this. Wildcards like '*' allowed too>
query_api:
path: /chatqna-oidc # This is the path that will be published in apisix and this should be used by UI to access the chatqna service
backend_service: <kubernetes service name to access chatqna megaservice or gmc without .<namespace>.svc.cluster.local>
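
Review bot: The new `hostname` placeholder offers '*' without saying what it costs: a catch-all value makes the OIDC-protected route match any Host header, so the comment should recommend the specific external hostname and describe the wildcard as a testing convenience. It would also help to state which wildcard form is accepted, since the placeholder does not say whether a bare '*' or a leading-wildcard domain pattern is meant.
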
21 changes: 21 additions & 0 deletions helm-charts/auth-apisix/values_apisix_gw.yaml
@@ -0,0 +1,21 @@
# Copyright (C) 2024 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

# APISIX Namespace
namespace: auth-apisix

# APISIX Helm chart configs
version: 2.8.1
enabled: true
ingress-controller:
enabled: true
config:
apisix:
serviceName: auth-apisix-admin
serviceNamespace: auth-apisix
etcd:
replicaCount: 1
persistence:
enabled: false
dashboard:
enabled: false
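
Review bot: `version: 2.8.1` and `enabled: true` near the top of this values file look carried over from the deleted Chart.yaml dependency entry; as values passed with `-f` they do not select the chart version, so the README's `helm install` should pin it with `--version 2.8.1`, or these keys should be dropped. The file also sets no admin API credentials, so whatever the chart ships as defaults stays in effect behind the `auth-apisix-admin` service; override them here or through a secret. With etcd at `replicaCount: 1` and persistence disabled, a comment marking this as a non-production setting would help.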
