feat: add trusted_addresses option to apisix configmap template (#909)

Author: manueljishi

charts/apisix/Chart.yaml

@@ -31,7 +31,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.12.3
+version: 2.12.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/apisix/README.md

@@ -128,6 +128,7 @@ The command removes all the Kubernetes components associated with the chart and
 | apisix.status.ip | string | `"0.0.0.0"` |  |
 | apisix.status.port | int | `7085` |  |
 | apisix.stream_plugins | list | `[]` | Customize the list of APISIX stream_plugins to enable. By default, APISIX's [default stream_plugins](https://github.com/apache/apisix/blob/master/apisix/cli/config.lua#L294) are automatically used. |
+| apisix.trustedAddresses | list | `["127.0.0.1"]` | When configured, APISIX will trust the `X-Forwarded-*` Headers passed in requests from the IP/CIDR in the list. |
 | apisix.vault.enabled | bool | `false` | Enable or disable the vault integration |
 | apisix.vault.host | string | `""` | The host address where the vault server is running. |
 | apisix.vault.prefix | string | `""` | Prefix allows you to better enforcement of policies. |

charts/apisix/templates/configmap.yaml

@@ -176,6 +176,11 @@ data:
         port: {{ default "7085" (.Values.apisix.status.port | toString) }}
       {{- end}}
 
+      {{ if .Values.apisix.trustedAddresses }}
+      trusted_addresses:
+      {{- toYaml .Values.apisix.trustedAddresses | nindent 8 }}
+      {{ end }}
+
     nginx_config:    # config for render the template to genarate nginx.conf
       error_log: "{{ .Values.apisix.nginx.logs.errorLog }}"
       error_log_level: "{{ .Values.apisix.nginx.logs.errorLogLevel }}"    # warn,error

charts/apisix/values.yaml

@@ -585,6 +585,10 @@ apisix:
     ip: "0.0.0.0"
     port: 7085
 
+  # -- When configured, APISIX will trust the `X-Forwarded-*` Headers passed in requests from the IP/CIDR in the list.
+  trustedAddresses:
+    - 127.0.0.1
+
 # -- external etcd configuration. If etcd.enabled is false, these configuration will be used.
 externalEtcd:
   # -- if etcd.enabled is false, use external etcd, support multiple address, if your etcd cluster enables TLS, please use https scheme, e.g. https://127.0.0.1:2379.