Skip to main content
Version: Next

KubeSphere

This guide explains how you can install APISIX ingress on KubeSphere distributed operating system.

Prerequisites#

Setting up APISIX ingress on KubeSphere requires the following:

Install APISIX and ingress controller#

The script below installs APISIX and the ingress controller:

helm repo add apisix https://charts.apiseven.com
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
kubectl create ns ingress-apisix
helm install apisix apisix/apisix \
--set gateway.type=NodePort \
--set ingress-controller.enabled=true \
--namespace ingress-apisix \
--set ingress-controller.config.apisix.serviceNamespace=ingress-apisix
kubectl get service --namespace ingress-apisix
note

By default, APISIX ingress controller will watch the apiVersion of networking.k8s.io/v1.

If the target Kubernetes version is under v1.19, add the flag --set ingress-controller.config.kubernetes.ingressVersion=networking/v1beta1.

Else, if your Kubernetes cluster version is under v1.16, set the flag --set ingress-controller.config.kubernetes.ingressVersion=extensions/v1beta1.

This will create the five resources mentioned below:

  • apisix-gateway: dataplane the process the traffic.
  • apisix-admin: control plane that processes all configuration changes.
  • apisix-ingress-controller: ingress controller which exposes APISIX.
  • apisix-etcd and apisix-etcd-headless: stores configuration and handles internal communication.

The gateway service type is set to NodePort. Clients can access APISIX through the Node IPs and the assigned port. To use a service of type LoadBalancer with KubeSphere use a bare-metal load balancer implementation like openelb.

You should now be able to use APISIX ingress controller. You can try running this minimal example to see if everything is working perfectly.

Next steps#

Enable SSL#

SSL is disabled by default. You can enable it by adding the flag --set gateway.tls.enabled=true.

Change default keys#

It is recommended to change the default keys for security:

--set ingress-controller.config.apisix.adminKey=ADMIN_KEY_GENERATED_BY_YOURSELF
--set admin.credentials.admin=ADMIN_KEY_GENERATED_BY_YOURSELF
--set admin.credentials.viewer=VIEWER_KEY_GENERATED_BY_YOURSELF
note

The ingress-controller.config.apisix.adminKey and admin.credentials.admin must be the same. It is better if these are not same as admin.credentials.viewer.