Comments (6)
gxthrj
commented on May 21, 2024
For now, apisix-ingress-controller do not support the config admin_key from Apache APISIX.
When using apisix-ingress-controller with APISIX, it is recommended to remove the admin_key setting. You can use allow_admin to restrict the access scope of the APISIX control plane to ensure security.
Now we can discuss how to support the admin_key in apisix-ingress-controller.
In different APISIX clusters, there are different admin_keys. Usually we manage admin_key through secret resource. But it is not easy to sync with CRDs in apisix-ingress-controller, for secret may in the different namespace.
We can use ingress.class to specify APISIX cluster, and also can define an annotation for admin_key, such as ingress.admin_key, But it will need to be updated manually in the future, if admin_key need to be changed.
So anyone has a good idea, can discuss it here. Thanks.
from apisix-ingress-controller.
gxthrj
commented on May 21, 2024
@tokers what do you think about this ?
from apisix-ingress-controller.
tokers
commented on May 21, 2024
Secret is the most appropriate way, we can watch all namespaces except some unexpected like kube-system, istio-system and etc.
from apisix-ingress-controller.
tokers
commented on May 21, 2024
The multiple APISIX cluster support should be implemented by Manager API. We as the invoker of Manager API, only need to pass cluster flag to it.
from apisix-ingress-controller.
membphis
commented on May 21, 2024
for the CP API, need to support mTLS way. The Admin API has supportted this feature. The Manage API, need @nic-chen 's confirming.
if the ingress-controller needs to connect multiple APISIX clusters, I think using mTLS is a better way than the token or JWT method.
from apisix-ingress-controller.
gxthrj
commented on May 21, 2024
The multiple APISIX cluster support should be implemented by Manager API. We as the invoker of Manager API, only need to pass cluster flag to it.
This sounds good.
But there is another problem. If we need to specify / add an APISIX Cluster in CRD, the manager api need to config too.
The configuration link has become too long and uncontrollable
from apisix-ingress-controller.
Related Issues (20)
- help request: apisix ingress controller log `failed to get upstream` HOT 1
- help request: apisix ingress controller log `failed to get upstream` HOT 2
- help request: 400 invalid configuration: additional properties forbidden, found labels,while applying an ApisixRoute yaml HOT 2
- docs: Is there any plan for Chinese documentation? HOT 3
- help request: The remoteAddrs field in ApisixRoute does not work or malfunctioning? HOT 15
- request help: How to solve the problem when the backend service is not in the same namespace with the apisix? HOT 6
- Sorry for asking the wrong question
- release of 1.8 HOT 3
- request help: 502 Bad Gateway while requesting an Ingress resource HOT 7
- help request: Datadog plugin config - can't define DogStatsD target with CRDs HOT 10
- request help: Apisix displayed error logs while installing by `alauda/captain` HOT 1
- request help: Need help on installing Apisix 3.6.0 in kubernetes through yaml files. HOT 3
- request help: failed to create stream_route: unexpected status code 400; error message: {"error_msg":"unknown plugin [key-auth]"} HOT 1
- feat: add support for installing apisix ingress composite mode via helm chart HOT 10
- request help: Not able to hit kubernetes local service using ApisixRoute and ApisixUpstream HOT 2
- feat: Add a "namespace" parameter to the "plugin_config" of apisixRoute, to share the same apisixPluginConfig between all namespaces of apisixRoutes HOT 2
- bug: APISIX ingress controller helm chart attempts to create resources that do not support lower than 1.19
- request help: Need help in installing Apisix 3.1 with yaml files in kubernetes cluster HOT 3
- feat: Is it possible to make the ingress controller work without allowing read access to all secrets in the cluster? HOT 3
- request help: How to start multiple unrelated ingress-apisix-composite-deployment to load traffic from different sources HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apisix-ingress-controller.