# aisix — example configuration
# Reference: ai-gateway spec §1–§2.
etcd:
  # Bootstrap connection to etcd. The closing note of this file says API
  # keys and provider keys are stored there, so treat this link as
  # sensitive. As written it is plaintext and unauthenticated (http://,
  # with user, password_env and tls all commented out) — reasonable for a
  # loopback etcd only; for a remote endpoint enable auth and the tls block.
  endpoints:
    - "http://127.0.0.1:2379"
  prefix: "/aisix"
  # user: "aisix"
  # Presumably names the environment variable that holds the etcd
  # password, keeping the secret out of this file — confirm.
  # password_env: "AISIX_ETCD_PASSWORD"
  dial_timeout_ms: 5000
  request_timeout_ms: 5000
  # Optional TLS / mTLS bundle. Required when connecting to an
  # aisix.cloud DP Manager (endpoint is https:// and the CP issues
  # a client cert via IssueAIDataplaneCertificate). Uncomment and
  # point to your mTLS bundle.
  # client_key_file is a private key: keep it readable only by the
  # account the gateway runs as.
  # tls:
  #   ca_cert_file: "/etc/aisix/mtls/ca.crt"
  #   client_cert_file: "/etc/aisix/mtls/client.crt"
  #   client_key_file: "/etc/aisix/mtls/client.key"
  #   # Optional: override the TLS SNI / cert-subject-alt-name.
  #   # Defaults to the hostname portion of endpoints[0].
  #   # domain_name: "etcd.aisix.cloud"
proxy:
  # Client-facing listener. 0.0.0.0 binds every interface, and with the
  # tls block below commented out it presumably serves plain HTTP —
  # enable tls or terminate TLS in front of it before exposing it beyond
  # a trusted network.
  addr: "0.0.0.0:3000"
  request_body_limit_bytes: 10485760 # 10 MiB
  # tls:
  #   cert_file: "/etc/aisix/tls/proxy.crt"
  #   key_file: "/etc/aisix/tls/proxy.key"
  # Real-client-IP resolution for usage logs (#492). nginx
  # set_real_ip_from + real_ip_recursive parity. Default trusts nothing
  # and logs the immediate TCP peer; configure trusted_proxies when the
  # gateway sits behind an L7 LB / ingress that sets x-forwarded-for.
  # List only the proxies you operate: a peer inside trusted_proxies can
  # supply x-forwarded-for itself and so choose the client IP that gets
  # logged. The 10.0.0.0/8 sample covers a whole private range — narrow
  # it to the actual LB / ingress addresses.
  # real_ip:
  #   trusted_proxies: ["10.0.0.0/8", "127.0.0.1/32"]
  #   recursive: true
  #   header: x-forwarded-for
admin:
  # Admin API listener. Loopback-only as shipped, which keeps it off the
  # network. If addr is widened, enable the tls block below as well —
  # presumably admin keys travel with each request and would otherwise
  # cross the network in clear text.
  addr: "127.0.0.1:3001"
  admin_keys:
    # Provide via env to avoid committing secrets.
    # - "${AISIX_ADMIN_KEY}"
    # The active value below is a placeholder published with this
    # example: replace it before the admin listener is reachable by
    # anyone other than the local operator.
    - "admin-local-only-change-me"
  # tls:
  #   cert_file: "/etc/aisix/tls/admin.crt"
  #   key_file: "/etc/aisix/tls/admin.key"
observability:
  # NOTE(review): nesting below was rebuilt from a flattened listing; the
  # placement of `addr` (under prometheus) and `sample_ratio` (under
  # tracing) is inferred — confirm against the upstream file.
  service_name: "aisix"
  log_level: "info"
  access_log: true
  metrics:
    prometheus:
      enabled: true
      path: "/metrics"
      # Dedicated metrics listener — the only Prometheus scrape surface,
      # the same in every deployment mode. Point Prometheus at this
      # address; the endpoint is unauthenticated, so restrict access at
      # the network layer.
      # 0.0.0.0 binds every interface; where no network-layer control is
      # in place, bind an internal or loopback address instead.
      addr: "0.0.0.0:9090"
    otlp:
      enabled: false
      # Plain http:// to a loopback collector. If this is pointed at a
      # remote collector, telemetry would leave the host unencrypted.
      endpoint: "http://127.0.0.1:4317"
  tracing:
    otlp:
      enabled: false
      endpoint: "http://127.0.0.1:4317"
    # Presumably the fraction of requests traced (1.0 = all); it only
    # matters once tracing.otlp is enabled — confirm.
    sample_ratio: 1.0
# Managed-mode switch. Uncomment when running as an aisix.cloud
# tenant: the admin API and Playground will NOT be bound — all
# configuration flows from etcd via the mTLS channel above, driven
# by the aisix.cloud control plane.
# managed:
# enabled: true
# Cache backend availability. The in-process memory cache is always
# built; the shared redis cache is built iff `redis` is configured.
# Which backend serves a request is chosen per matched CachePolicy
# (its `backend` field, managed via the Admin API / control plane) —
# a policy asking for redis on a DP without `cache.redis` gets NO
# caching for its requests (cache_status = disabled), never a silent
# fallback to node-local memory.
cache:
  # Legacy knob — no longer selects a single global cache. Kept for
  # config compatibility; `backend: "redis"` still requires the
  # `redis` block below (validated at boot).
  backend: "memory" # memory | redis
  # redis:
  #   # mode picks the topology. Credentials and TLS (rediss://) travel
  #   # inside the URLs, as in single mode.
  #   # The samples below use redis:// (no TLS); switch to rediss:// when
  #   # Redis is not on a trusted local network. URLs that embed
  #   # credentials make this file a secret — restrict its permissions.
  #   mode: "single" # single | cluster | sentinel
  #   # mode: single → one endpoint:
  #   url: "redis://127.0.0.1:6379"
  #   # mode: cluster → one or more seed node URLs:
  #   # nodes: ["redis://10.0.0.1:6379", "redis://10.0.0.2:6379"]
  #   # mode: sentinel → sentinel node URLs + the monitored master name.
  #   # Sentinel auth goes in the sentinels URLs; username/password/database
  #   # below authenticate the data node (master) Sentinel discovers — it
  #   # has no URL of its own. Supply `password` via the matching env var
  #   # (AISIX_CACHE__REDIS__PASSWORD) to keep it out of this file.
  #   # sentinels: ["redis://10.0.0.1:26379", "redis://10.0.0.2:26379"]
  #   # master_name: "mymaster"
  #   # username: "default" # Redis ACL user (cluster nodes / sentinel master)
  #   # Sample value only; prefer the env var named above over a literal.
  #   # password: "s3cret"
  #   # database: 0 # DB index for the sentinel master (not used by cluster)
# Rate-limit counter backend (api7/AISIX-Cloud#798).
#
# `memory` (default) keeps counters in this process, so a cluster of N
# replicas enforces N× every configured limit. `redis` shares the
# counters across every replica via one Redis, so the whole cluster
# enforces ONE global window — set this on multi-replica deployments.
# May point at the same Redis as `cache` (keys are namespaced
# `aisix:rl:`). On a Redis outage the limiter fails open to per-replica
# in-memory counting (logged) so traffic keeps flowing.
ratelimit:
  # Where limits act as an abuse control, keep the fail-open behaviour
  # described above in mind: during a Redis outage enforcement drops
  # back to per-replica counting, so alert on the logged fallback.
  backend: "memory" # memory | redis
  # redis:
  #   # Same shape as cache.redis above — single / cluster / sentinel.
  #   mode: "single" # single | cluster | sentinel
  #   url: "redis://127.0.0.1:6379" # mode: single
  #   # nodes: ["redis://10.0.0.1:6379"] # mode: cluster
  #   # sentinels: ["redis://10.0.0.1:26379"] # mode: sentinel
  #   # master_name: "mymaster" # mode: sentinel
  # Seconds before an unreleased concurrency slot (crashed replica /
  # hung upstream) is reclaimed. Redis backend only.
  # NOTE(review): placement directly under `ratelimit` is inferred from
  # a flattened listing — confirm against the upstream file.
  # concurrency_ttl_secs: 300
# Models, API keys, provider keys, guardrails, cache policies, and
# observability exporters are NOT defined in this file. They are stored
# in etcd and managed via the Admin API (see docs/api-admin.md). This
# file only bootstraps the gateway.