A Helm chart for deploying skipper as a cluster-internal service proxy.
- Add skipper as a Helm chart dependency

  ```yaml
  - name: skipper
    alias: my-service-proxy
    version: "1.1.1" # or put the latest version number here
    repository: "oci://ghcr.io/magda-io/charts"
  ```

  Please note: the `alias` field is optional. Its purpose is to give the Helm chart an alias name (rather than the default `skipper`) so it's possible to use the `skipper` chart multiple times in your deployment.
- Configure the proxy via the "values" file

  ```yaml
  my-service-proxy:
    service:
      # set the service name. This DNS name will be available within the cluster
      # by default, it would be release name + - + alias name
      name: service-access-name
    routes: |
      myRoutes:
        * -> setRequestHeader("my header", "xxxxxx")
        -> setPath("/v1${request.path}")
        -> preserveHost("false")
        -> "https://xxxxx.xxxx.com";
  ```
- Optional: supply API keys via secrets as environment variables to the eskip routes config

  If you want to supply API keys via secrets, set the `secretName` field in the Helm chart config to the name of a secret that you created manually.
  All keys in the supplied k8s secret will be available as environment variables that can be referenced in the eskip routes config.

  For example, if you have a secret named `my-secret-name` as follows:

  ```yaml
  apiVersion: v1
  kind: Secret
  metadata:
    name: my-secret-name
  type: Opaque
  data:
    # placeholder value; entries under `data` must be the base64-encoded secret
    MY_API_KEY: sdfsklfjlkjsdfd
  ```

  You can then reference `MY_API_KEY` in your eskip routes config as follows:

  ```yaml
  my-service-proxy:
    service:
      name: service-access-name
    secretName: my-secret-name
    routes: |
      myRoutes:
        * -> setRequestHeader("Authorization", "Bearer $MY_API_KEY")
        -> setPath("/v1${request.path}")
        -> preserveHost("false")
        -> "https://xxxxx.xxxx.com";
  ```
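A pre-deploy check for the secret-backed routes above, added here as an example and not part of the chart: it lists the variables `envsubst` would substitute in the routes template and compares them with the Secret's `data` entries. It assumes the chart's `envsubst` follows GNU gettext semantics and runs without a variable allow-list, in which case an unset variable is replaced by an empty string; `lint_routes`, `ENV_REF` and `ROUTES` are hypothetical names.

```python
import base64
import binascii
import re

# $NAME or ${NAME}, as GNU envsubst recognises them. "${request.path}" does not
# match (the name is not closed by "}"), so skipper's own placeholder survives.
ENV_REF = re.compile(r"\$(?:\{([A-Za-z_][A-Za-z0-9_]*)\}|([A-Za-z_][A-Za-z0-9_]*))")

# Routes template copied from the example above.
ROUTES = '''myRoutes:
  * -> setRequestHeader("Authorization", "Bearer $MY_API_KEY")
  -> setPath("/v1${request.path}")
  -> preserveHost("false")
  -> "https://xxxxx.xxxx.com";
'''

def lint_routes(routes, secret_data):
    """Return findings for an eskip template and a Secret's `data` map."""
    findings = []
    decoded = {}
    for key, value in secret_data.items():
        try:
            decoded[key] = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append(f"{key}: value under data is not valid base64 text")
    referenced = {m.group(1) or m.group(2) for m in ENV_REF.finditer(routes)}
    for name in sorted(referenced):
        if name in decoded:
            # These characters would alter the quoted eskip string the value
            # is pasted into (a stray newline often comes from `echo | base64`).
            if re.search(r'["\\\r\n]', decoded[name]):
                findings.append(f"{name}: decoded value contains a quote, backslash or newline")
        elif name not in secret_data:
            # Under the stated assumption envsubst substitutes an empty string,
            # so the header above would be sent as "Bearer " with no token.
            findings.append(f"{name}: referenced in routes but missing from the secret")
    return findings

if __name__ == "__main__":
    # Constructed sample: key encoded together with a trailing newline.
    sample = {"MY_API_KEY": base64.b64encode(b"constructed-key-123\n").decode()}
    for finding in lint_routes(ROUTES, sample):
        print(finding)
```
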
| Repository | Name | Version |
|---|---|---|
| oci://ghcr.io/magda-io/charts | magda-common | 2.3.1 |

| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | `{}` | |
| autoscaling.enabled | bool | `false` | |
| autoscaling.maxReplicas | int | `3` | |
| autoscaling.minReplicas | int | `1` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| config | object | `{"access-log":"/dev/stdout","address":":9090","application-log":"/dev/stdout","response-header-timeout-backend":"180s","write-timeout-server":"180s"}` | Skipper config file; see https://opensource.zalando.com/skipper/tutorials/basics/#yaml-configuration. `write-timeout-server` and `response-header-timeout-backend` are set to 180s (default 60s) to allow longer remote service processing time. You need to adjust both `write-timeout-server` and `response-header-timeout-backend` to avoid timeout errors. |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"ghcr.io/zalando/skipper"` | |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | |
| livenessProbe.httpGet.path | string | `"/__status/live"` | |
| livenessProbe.httpGet.port | int | `9090` | |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | |
| podAnnotations | object | `{}` | |
| podSecurityContext | object | `{}` | |
| probeRoutes | string | `"// routes used to setup k8s probes\nprobe_liveness_up: \n Method(\"GET\") && Path(\"/__status/live\") -> inlineContent(\"OK\") -> <shunt>;\nprobe_liveness_down: \n Method(\"GET\") && Path(\"/__status/live\") && Shutdown() -> status(503) -> inlineContent(\"shutdown\") -> <shunt>;\nprobe_readiness_up: \n Method(\"GET\") && Path(\"/__status/ready\") -> inlineContent(\"OK\") -> <shunt>;\nprobe_readiness_down: \n Method(\"GET\") && Path(\"/__status/ready\") && Shutdown() -> status(503) -> inlineContent(\"shutdown\") -> <shunt>;\n"` | |
| readinessProbe.httpGet.path | string | `"/__status/ready"` | |
| readinessProbe.httpGet.port | int | `9090` | |
| replicaCount | int | `1` | |
| resources.requests.cpu | string | `"150m"` | |
| resources.requests.memory | string | `"150Mi"` | |
| routes | string | `"// everything else 404\ndefaultRoute: * -> <shunt>;\n"` | |
| secretName | string | `""` | The name of the manually created k8s secret that will be used to store all secret values to be referenced in the skipper eskip config. All key values in this secret will be available as environment variables and can be referenced in the eskip config. We use the `envsubst` command to substitute the environment variables in the eskip config. This field is optional; if it is not set, the supplied eskip config will not be preprocessed. |
| securityContext.readOnlyRootFilesystem | bool | `true` | |
| securityContext.runAsNonRoot | bool | `true` | |
| securityContext.runAsUser | int | `1000` | |
| service.name | string | `""` | By default, the service name would be release name + '-' + chart name (or chart alias name). This field allows you to override the default service name. |
| service.ports[0].name | string | `"http"` | |
| service.ports[0].port | int | `80` | |
| service.ports[0].targetPort | int | `9090` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | |