You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/10/28 09:54:19 UTC
[GitHub] [apisix-helm-chart] fengxsong commented on pull request #382: feat: enable MTLS between dashboard and etcd
fengxsong commented on PR #382:
URL: https://github.com/apache/apisix-helm-chart/pull/382#issuecomment-1294789854
Here is an example.
## create generic secret first
```bash
$ kubectl create namespace ingress-apisix || true
$ kubectl -n ingress-apisix create secret generic kube-etcd-healthcheck-client --from-file=tls.crt=/etc/kubernetes/pki/etcd/healthcheck-client.crt --from-file=tls.key=/etc/kubernetes/pki/etcd/healthcheck-client.key --from-file=ca.crt=/etc/kubernetes/pki/etcd/ca.crt
```
## custom values to apply to apisix chart
```
dashboard:
enabled: true
config:
conf:
etcd:
prefix: /apisix
endpoints:
- $ETCD_MEMBER_0:2379
- $ETCD_MEMBER_1:2379
- $ETCD_MEMBER_2:2379
mtls:
enabled: true
existingSecret: kube-etcd-healthcheck-client
ingress:
enabled: true
className: apisix
hosts:
- host: apisix-dashboard.httpbin.org
paths: ["/*"]
etcd:
auth:
tls:
certFilename: tls.crt
certKeyFilename: tls.key
enabled: true
existingSecret: kube-etcd-healthcheck-client
verify: true
sni: "localhost"
enabled: false
host:
- https://$ETCD_MEMBER_0:2379
- https://$ETCD_MEMBER_1:2379
- https://$ETCD_MEMBER_2:2379
prefix: /apisix
gateway:
tls:
containerPort: 443
enabled: true
existingCASecret: kube-etcd-healthcheck-client
certCAFilename: ca.crt
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org