GKE (Google)
This guide explains how you can install APISIX ingress on Google Kubernetes Engine (GKE).
#
PrerequisitesSetting up APISIX ingress on GKE requires the following:
- Create a GKE cluster on Google Cloud.
- Install Google Cloud SDK and update the credentials in your kube config file or use the shell.
- Install Helm.
#
Install APISIX and ingress controllerThe script below installs APISIX and the ingress controller:
helm repo add apisix https://charts.apiseven.com
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
kubectl create ns ingress-apisix
helm install apisix apisix/apisix \
--set gateway.type=LoadBalancer \
--set ingress-controller.enabled=true \
--namespace ingress-apisix \
--set ingress-controller.config.apisix.serviceNamespace=ingress-apisix
kubectl get service --namespace ingress-apisix
note
By default, APISIX ingress controller will watch the apiVersion of networking.k8s.io/v1
.
If the target Kubernetes version is under v1.19
, add the flag --set ingress-controller.config.kubernetes.ingressVersion=networking/v1beta1
.
Else, if your Kubernetes cluster version is under v1.16
, set the flag --set ingress-controller.config.kubernetes.ingressVersion=extensions/v1beta1
.
This will create the five resources mentioned below:
apisix-gateway
: dataplane the process the traffic.apisix-admin
: control plane that processes all configuration changes.apisix-ingress-controller
: ingress controller which exposes APISIX.apisix-etcd
andapisix-etcd-headless
: stores configuration and handles internal communication.
The gateway service type will be set to LoadBalancer
. Clients can access Apache APISIX through the GKE Load Balancer.
You can find the load balancer IP address by running:
kubectl get service apisix-gateway --namespace ingress-apisix -o jsonpath='{.status.loadBalancer.ingress[].ip}'
You should now be able to use APISIX ingress controller. You can try running this minimal example to see if everything is working perfectly.
#
Next steps#
Enable SSLSSL is disabled by default. You can enable it by adding the flag --set gateway.tls.enabled=true
.
#
Change default keysIt is recommended to change the default keys for security:
--set ingress-controller.config.apisix.adminKey=ADMIN_KEY_GENERATED_BY_YOURSELF
--set admin.credentials.admin=ADMIN_KEY_GENERATED_BY_YOURSELF
--set admin.credentials.viewer=VIEWER_KEY_GENERATED_BY_YOURSELF
note
The ingress-controller.config.apisix.adminKey
and admin.credentials.admin
must be the same. It is better if these are not same as admin.credentials.viewer
.