Version: 1.6.1

GKE (Google)

This guide explains how you can install APISIX ingress on Google Kubernetes Engine (GKE).

Prerequisites#

Setting up APISIX ingress on GKE requires the following:

Create a GKE cluster on Google Cloud.
Install Google Cloud SDK and update the credentials in your kube config file or use the shell.
Install Helm.

Install APISIX and ingress controller#

The script below installs APISIX and the ingress controller:

helm repo add apisix https://charts.apiseven.com
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
kubectl create ns ingress-apisix
helm install apisix apisix/apisix \
  --set gateway.type=LoadBalancer \
  --set ingress-controller.enabled=true \
  --namespace ingress-apisix \
  --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix
kubectl get service --namespace ingress-apisix

note

By default, APISIX ingress controller will watch the apiVersion of networking.k8s.io/v1.

If the target Kubernetes version is under v1.19, add the flag --set ingress-controller.config.kubernetes.ingressVersion=networking/v1beta1.

Else, if your Kubernetes cluster version is under v1.16, set the flag --set ingress-controller.config.kubernetes.ingressVersion=extensions/v1beta1.

This will create the five resources mentioned below:

apisix-gateway: dataplane the process the traffic.
apisix-admin: control plane that processes all configuration changes.
apisix-ingress-controller: ingress controller which exposes APISIX.
apisix-etcd and apisix-etcd-headless: stores configuration and handles internal communication.

The gateway service type will be set to LoadBalancer. Clients can access Apache APISIX through the GKE Load Balancer.

You can find the load balancer IP address by running:

kubectl get service apisix-gateway --namespace ingress-apisix -o jsonpath='{.status.loadBalancer.ingress[].ip}'

You should now be able to use APISIX ingress controller. You can try running this minimal example to see if everything is working perfectly.

Next steps#

Enable SSL#

SSL is disabled by default. You can enable it by adding the flag --set gateway.tls.enabled=true.

Change default keys#

It is recommended to change the default keys for security:

--set ingress-controller.config.apisix.adminKey=ADMIN_KEY_GENERATED_BY_YOURSELF

--set admin.credentials.admin=ADMIN_KEY_GENERATED_BY_YOURSELF

--set admin.credentials.viewer=VIEWER_KEY_GENERATED_BY_YOURSELF

note

The ingress-controller.config.apisix.adminKey and admin.credentials.admin must be the same. It is better if these are not same as admin.credentials.viewer.