Skip to main content
Version: 1.4.0

Install Ingress APISIX on Tencent TKE

This document explains how to install Ingress APISIX on Tencent TKE.

Prerequisites#

  • Create a TKE Service on Tencent Cloud and make sure the API Server is accessible from your workspace.
  • Install Helm.
  • Download the kube config for your TKE Console.

Install APISIX and apisix-ingress-controller#

As the data plane of apisix-ingress-controller, Apache APISIX can be deployed at the same time using Helm chart.

helm repo add apisix https://charts.apiseven.com
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
kubectl create ns ingress-apisix
helm install apisix apisix/apisix \
  --set gateway.type=LoadBalancer \
  --set ingress-controller.enabled=true \
  --set etcd.persistence.size="10Gi" \
  --namespace ingress-apisix \
  --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix
kubectl get service --namespace ingress-apisix

Please be careful you must configure the etcd.persistence.size to multiples of 10Gi (it's a limitation on TKE), otherwise the PersistentVolumeClaim creation will fail.

Five Service resources were created.

  • apisix-gateway, which processes the real traffic;
  • apisix-admin, which acts as the control plane to process all the configuration changes.
  • apisix-ingress-controller, which exposes apisix-ingress-controller's metrics.
  • apisix-etcd and apisix-etcd-headless for etcd service and internal communication.

Two Service resources were created, one is apisix-gateway, which processes the real traffic; another is apisix-admin, which acts as the control plane to process all the configuration changes.

The gateway service type is set to LoadBalancer (see TKE Service Management for more details), so that clients can access Apache APISIX through a load balancer. You can find the load balancer ip by running:

kubectl get service apisix-gateway --namespace ingress-apisix -o jsonpath='{.status.loadBalancer.ingress[].ip}'

Now open your TKE console, choosing your cluster and clicking the Workloads tag, you'll see all pods of Apache APISIX, etcd and apisix-ingress-controller are ready.

Try to create some resources to verify the running status. As a minimalist example, see proxy-the-httpbin-service to learn how to apply resources to drive the apisix-ingress-controller.

Specify The Ingress Version#

apisix-ingress-controller will watch apiVersion of networking.k8s.io/v1 by default. If the target kubernetes version is under v1.19, add --set ingress-controller.config.kubernetes.ingressVersion=networking/v1beta1 or --set ingress-controller.config.kubernetes.ingressVersion=extensions/v1beta1 if your kubernetes cluster is under v1.16

Enable SSL#

The ssl config is disabled by default, add --set gateway.tls.enabled=true to enable tls support.

Change default apikey#

It's Recommended to change the default key by add --set ingress-controller.config.apisix.adminKey=ADMIN_KEY_GENERATED_BY_YOURSELF, --set admin.credentials.admin=ADMIN_KEY_GENERATED_BY_YOURSELF, --set admin.credentials.viewer=VIEWER_KEY_GENERATED_BY_YOURSELF, notice that ingress-controller.config.apisix.adminKey and admin.credentials.admin must be the same, and should better not same as admin.credentials.viewer.