feat: support specify node port for gateway service#256
Conversation
Signed-off-by: Nic <qianyong@api7.ai>
There was a problem hiding this comment.
Pull request overview
This PR adds Helm chart support for explicitly setting Kubernetes nodePort values on the Gateway Service ports (HTTP/TLS, additional ports, and stream TCP map entries), and bumps the chart version accordingly.
Changes:
- Add
gateway.http.nodePort/gateway.tls.nodePortvalues (plus examples) tovalues.yaml. - Render
nodePorton the Gateway Service for HTTP/TLS ports and additional container ports whengateway.type=NodePort. - Update chart docs and bump chart version to
0.2.52.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| charts/gateway/values.yaml | Introduces nodePort values and examples for gateway HTTP/TLS and stream TCP. |
| charts/gateway/templates/service-gateway.yaml | Adds conditional nodePort fields to rendered Service ports. |
| charts/gateway/README.md | Documents the new nodePort settings. |
| charts/gateway/Chart.yaml | Bumps chart version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| {{- range .Values.gateway.http.additionalContainerPorts }} | ||
| - name: apisix-gateway-{{ .port | toString }} | ||
| port: {{ .port }} | ||
| targetPort: {{ .port }} | ||
| {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .nodePort))) }} | ||
| nodePort: {{ .nodePort }} | ||
| {{- end }} |
There was a problem hiding this comment.
Inside the range .Values.gateway.http.additionalContainerPorts, . becomes the per-port map, so .Values.gateway.type is out of scope and will cause template rendering errors when additionalContainerPorts is non-empty. Use the root context instead (e.g. $.Values.gateway.type or the already-defined $global.Values.gateway.type).
charts/gateway/values.yaml
Outdated
| ip: 0.0.0.0 | ||
| servicePort: 80 | ||
| containerPort: 9080 | ||
| # -- The nodePort of kubernetes service, only used if service.type is NodePort. If not set, a random port will be assigned by Kubernetes. |
There was a problem hiding this comment.
The comment says this is used when service.type is NodePort, but this chart’s Service type is configured via gateway.type (as used in the templates). Consider updating the wording to avoid confusion for chart users.
| # -- The nodePort of kubernetes service, only used if service.type is NodePort. If not set, a random port will be assigned by Kubernetes. | |
| # -- The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. |
charts/gateway/values.yaml
Outdated
| # -- The nodePort of kubernetes service, only used if service.type is NodePort. If not set, a random port will be assigned by Kubernetes. | ||
| nodePort: |
There was a problem hiding this comment.
The comment says this is used when service.type is NodePort, but the chart uses gateway.type to control the Service type. Adjust the wording so users know which value actually gates nodePort usage.
charts/gateway/values.yaml
Outdated
| # - ip: 127.0.0.3 # Specific IP, If not set, the default value is `0.0.0.0`. | ||
| # port: 9445 | ||
| # hostPort: 9445 | ||
| # nodePort: 9445 |
There was a problem hiding this comment.
The example nodePort: 9445 is outside Kubernetes’ default NodePort range (30000-32767). Consider using a value in the default range (or documenting that clusters may customize the range) to avoid misleading examples.
| # nodePort: 9445 | |
| # nodePort: 30445 |
charts/gateway/values.yaml
Outdated
| # - addr: 3302 | ||
| # nodePort: 3302 |
There was a problem hiding this comment.
The stream example nodePort: 3302 is outside Kubernetes’ default NodePort range (30000-32767). Consider updating the example (or clarifying the NodePort range requirement) so it reflects typical Kubernetes defaults.
| # - addr: 3302 | |
| # nodePort: 3302 | |
| # - addr: 30302 | |
| # nodePort: 30302 |
| {{- range .Values.gateway.tls.additionalContainerPorts }} | ||
| - name: apisix-gateway-tls-{{ .port | toString }} | ||
| port: {{ .port }} | ||
| targetPort: {{ .port }} | ||
| {{- if (and (eq .Values.gateway.type "NodePort") (not (empty .nodePort))) }} | ||
| nodePort: {{ .nodePort }} | ||
| {{- end }} |
There was a problem hiding this comment.
Inside the range .Values.gateway.tls.additionalContainerPorts, . is the per-port map, so .Values.gateway.type is not available and will break rendering when additionalContainerPorts is set. Reference the root context (e.g. $.Values.gateway.type / $global.Values.gateway.type) in this condition.
charts/gateway/values.yaml
Outdated
| # - port: 9081 | ||
| # hostPort: 9081 | ||
| # nodePort: 9081 |
There was a problem hiding this comment.
The example nodePort: 9081 is outside Kubernetes’ default NodePort range (30000-32767). Unless you specifically want to document custom cluster ranges, consider using an example within the default range (or mention the required range) to prevent copy/paste failures.
charts/gateway/README.md
Outdated
| | gateway.http | object | `{"additionalContainerPorts":[],"containerPort":9080,"enabled":true,"ip":"0.0.0.0","nodePort":null,"servicePort":80}` | API7 Gateway service settings for http | | ||
| | gateway.http.additionalContainerPorts | list | `[]` | Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24) | | ||
| | gateway.http.ip | string | `"0.0.0.0"` | which ip to listen on for API7 Gateway http service. | | ||
| | gateway.http.nodePort | string | `nil` | The nodePort of kubernetes service, only used if service.type is NodePort. If not set, a random port will be assigned by Kubernetes. | |
There was a problem hiding this comment.
gateway.http.nodePort is documented as a string, but Kubernetes ServicePort.nodePort is an integer. Consider changing the documented type to int (and keep the description aligned with gateway.type, not service.type) to reduce configuration mistakes.
charts/gateway/README.md
Outdated
| | gateway.tls.existingCASecret | string | `""` | Specifies the name of Secret contains trusted CA certificates in the PEM format used to verify the certificate when APISIX needs to do SSL/TLS handshaking with external services (e.g. etcd) | | ||
| | gateway.tls.fallbackSNI | string | `""` | If set this, when the client doesn't send SNI during handshake, the fallback SNI will be used instead | | ||
| | gateway.tls.ip | string | `"0.0.0.0"` | which ip to listen on for API7 Gateway https service. | | ||
| | gateway.tls.nodePort | string | `nil` | The nodePort of kubernetes service, only used if service.type is NodePort. If not set, a random port will be assigned by Kubernetes. | |
There was a problem hiding this comment.
gateway.tls.nodePort is documented as a string, but Kubernetes ServicePort.nodePort is an integer. Consider documenting this as int and referencing gateway.type (the chart value that controls the Service type) instead of service.type.
| | gateway.tls.nodePort | string | `nil` | The nodePort of kubernetes service, only used if service.type is NodePort. If not set, a random port will be assigned by Kubernetes. | | |
| | gateway.tls.nodePort | int | `nil` | The nodePort of kubernetes service, only used if gateway.type is NodePort. If not set, a random port will be assigned by Kubernetes. | |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
charts/gateway/values.yaml
Outdated
| # -- Support multiple http ports, See [Configuration](https://github.com/apache/apisix/blob/0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d/conf/config-default.yaml#L24) | ||
| additionalContainerPorts: [] | ||
| # - port: 9081 | ||
| # hostPort: 9081 | ||
| # nodePort: 9081 |
There was a problem hiding this comment.
gateway.*.additionalContainerPorts is rendered directly into the APISIX config.yaml via toYaml (see templates/configmap.yaml), so adding nodePort to those items will also appear under apisix.node_listen / ssl.listen. Since nodePort is a Kubernetes Service-only concept, consider filtering it out when rendering the ConfigMap (e.g., render only known APISIX listen keys or omit the service-only keys) or introduce a separate values list dedicated to Service ports.
| # - port: 9081 | ||
| # hostPort: 9081 | ||
| # nodePort: 9081 | ||
| # enable_http2: true # If not set, the default value is `false`. |
There was a problem hiding this comment.
The commented examples set nodePort to values like 9081/9445, but Kubernetes NodePort defaults to the 30000–32767 range unless the cluster is reconfigured. Consider updating the examples (or note the valid range requirement) to avoid chart installs failing on default clusters.
charts/gateway/values.yaml
Outdated
| # nodePort: 3302 | ||
| udp: [] | ||
| # - addr: 192.168.31.10:53 | ||
| # - addr: 5353 | ||
| # nodePort: 5353 |
There was a problem hiding this comment.
The stream nodePort examples use 3302/5353, which are outside Kubernetes’ default NodePort range (30000–32767). Unless this chart assumes a custom cluster NodePort range, these example values should be updated (or explicitly documented) to prevent invalid Service manifests by default.
| # nodePort: 3302 | |
| udp: [] | |
| # - addr: 192.168.31.10:53 | |
| # - addr: 5353 | |
| # nodePort: 5353 | |
| # nodePort: 30302 | |
| udp: [] | |
| # - addr: 192.168.31.10:53 | |
| # - addr: 5353 | |
| # nodePort: 30553 |
| {{- if gt (len .Values.gateway.stream.udp) 0 }} | ||
| udp: # UDP proxy port list | ||
| {{- if gt (len .Values.gateway.stream.udp) 0}} | ||
| {{- range .Values.gateway.stream.udp }} | ||
| {{- if kindIs "map" . }} |
There was a problem hiding this comment.
The gateway.stream.udp rendering now supports map entries, but the nested if gt (len ...udp) 0 inside the outer if gt (len ...udp) 0 is redundant, and the inner else default (- 9200) is unreachable. Consider simplifying the conditionals or adjusting them so the documented default is actually rendered when the list is empty.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
2 participants
No description provided.