From 901ae5f4e733c4100e332eb6e941fe874dfb2559 Mon Sep 17 00:00:00 2001 From: Qi Guo <979918879@qq.com> Date: Mon, 15 Jun 2026 19:24:09 +0800 Subject: [PATCH] feat(gateway): support TCP PROXY protocol config --- charts/gateway/Chart.yaml | 2 +- charts/gateway/README.md | 3 +++ charts/gateway/templates/configmap.yaml | 6 ++++++ charts/gateway/values.yaml | 7 +++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/charts/gateway/Chart.yaml b/charts/gateway/Chart.yaml index 6d94979c..f6e2bf6f 100644 --- a/charts/gateway/Chart.yaml +++ b/charts/gateway/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.70 +version: 0.2.71 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/gateway/README.md b/charts/gateway/README.md index 38799507..813e00cb 100644 --- a/charts/gateway/README.md +++ b/charts/gateway/README.md @@ -119,6 +119,9 @@ The command removes all the Kubernetes components associated with the chart and | apisix.podLabels | object | `{}` | Labels to add to each pod | | apisix.podSecurityContext | object | `{}` | Set the securityContext for API7 Gateway pods | | apisix.priorityClassName | string | `""` | Set [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for API7 Gateway pods | +| apisix.proxyProtocol | object | `{"enableTcpPP":false,"enableTcpPPToUpstream":false}` | PROXY Protocol configuration. | +| apisix.proxyProtocol.enableTcpPP | bool | `false` | Enable PROXY Protocol for TCP proxy. It works with gateway.stream.tcp. | +| apisix.proxyProtocol.enableTcpPPToUpstream | bool | `false` | Send PROXY Protocol to the upstream server for TCP proxy. | | apisix.replicaCount | int | `1` | kind is DaemonSet, replicaCount not become effective | | apisix.resources | object | `{}` | Set pod resource requests & limits | | apisix.securityContext | object | `{}` | Set the securityContext for API7 Gateway container | diff --git a/charts/gateway/templates/configmap.yaml b/charts/gateway/templates/configmap.yaml index c81d97b0..d11104b8 100644 --- a/charts/gateway/templates/configmap.yaml +++ b/charts/gateway/templates/configmap.yaml @@ -42,6 +42,12 @@ data: enable_ipv6: {{ .Values.apisix.enableIPv6 }} # Enable nginx IPv6 resolver enable_server_tokens: {{ .Values.apisix.enableServerTokens }} # Whether the APISIX version number should be shown in Server header + {{- if or .Values.apisix.proxyProtocol.enableTcpPP .Values.apisix.proxyProtocol.enableTcpPPToUpstream }} + proxy_protocol: + enable_tcp_pp: {{ .Values.apisix.proxyProtocol.enableTcpPP }} + enable_tcp_pp_to_upstream: {{ .Values.apisix.proxyProtocol.enableTcpPPToUpstream }} + {{- end }} + # proxy_protocol: # Proxy Protocol configuration # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and admin_listen. # # This port can only receive http request with proxy protocol, but node_listen & admin_listen diff --git a/charts/gateway/values.yaml b/charts/gateway/values.yaml index 6264f410..aa40c46a 100644 --- a/charts/gateway/values.yaml +++ b/charts/gateway/values.yaml @@ -42,6 +42,13 @@ apisix: # -- Whether the APISIX version number should be shown in Server header enableServerTokens: true + # -- PROXY Protocol configuration. + proxyProtocol: + # -- Enable PROXY Protocol for TCP proxy. It works with gateway.stream.tcp. + enableTcpPP: false + # -- Send PROXY Protocol to the upstream server for TCP proxy. + enableTcpPPToUpstream: false + # -- Use Pod metadata.uid as the APISIX id. setIDFromPodUID: false