You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by zh...@apache.org on 2021/11/01 01:49:16 UTC
[apisix-helm-chart] branch master updated: feat: support etcd
config for apisix helm chart (#169)
This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 4dac6f3 feat: support etcd config for apisix helm chart (#169)
4dac6f3 is described below
commit 4dac6f39f8452417c75042af51e7a68b9bb06e77
Author: Nic <qi...@api7.ai>
AuthorDate: Mon Nov 1 09:46:52 2021 +0800
feat: support etcd config for apisix helm chart (#169)
---
charts/apisix/README.md | 23 +++++++++++++++++++----
charts/apisix/templates/configmap.yaml | 10 ++++++++++
charts/apisix/templates/deployment.yaml | 9 +++++++++
charts/apisix/values.yaml | 8 ++++++++
4 files changed, 46 insertions(+), 4 deletions(-)
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 023841f..798a093 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -116,13 +116,28 @@ Apache APISIX service parameters, this determines how users can access itself.
| `configurationSnippet.httpAdmin` | Add custom Nginx configuration (Admin API server block) to nginx.conf | `{}` |
| `configurationSnippet.stream` | Add custom Nginx configuration (stream block) to nginx.conf | `{}` |
-### plugins and stream_plugins parameters
+### etcd parameters
-Default enabled plugins. See [configmap template](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/templates/configmap.yaml) for details.
+| Parameter | Description | Default |
+|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|
+| `etcd.enabled` | use built-in etcd | `true` |
+| `etcd.host` | if `etcd.enabled` is false, use external etcd, support multiple address, if your etcd cluster enables TLS, please use https scheme, e.g. https://127.0.0.1:2379. | `["http://etcd.host:2379"]` |
+| `etcd.prefix` | apisix configurations prefix | `/apisix` |
+| `etcd.timeout` | Set the timeout value in seconds for subsequent socket operations from apisix to etcd cluster | `30` |
+| `etcd.auth.rbac.enabled` | enable auth for etcd | `false` |
+| `etcd.auth.rbac.user` | root username for etcd | `""` |
+| `etcd.auth.rbac.password` | root password for etcd | `""` |
+| `etcd.auth.tls.enabled` | enable etcd client certificate | `false` |
+| `etcd.auth.tls.existingSecret` | name of the secret contains etcd client cert | `""` |
+| `etcd.auth.tls.certFilename` | etcd client cert filename using in `etcd.auth.tls.existingSecret` | `""` |
+| `etcd.auth.tls.certKeyFilename` | etcd client cert key filename using in `etcd.auth.tls.existingSecret` | `""` |
+| `etcd.auth.tls.verify` | whether to verify the etcd endpoint certificate when setup a TLS connection to etcd | `true` |
+
+If etcd.enabled is true, set more values of bitnami/etcd helm chart use etcd as prefix
-### etcd parameters
+### plugins and stream_plugins parameters
-Configurations for etcd sub chart.
+Default enabled plugins. See [configmap template](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/templates/configmap.yaml) for details.
### dashboard parameters
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 2e1ae1f..6314013 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -197,6 +197,16 @@ data:
{{- end }}
prefix: {{ .Values.etcd.prefix | quote }} # apisix configurations prefix
timeout: {{ .Values.etcd.timeout }} # 30 seconds
+ {{- if .Values.etcd.auth.rbac.enabled }}
+ user: {{ .Values.etcd.auth.rbac.user | quote }}
+ password: {{ .Values.etcd.auth.rbac.password | quote }}
+ {{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ tls:
+ cert: "/etcd-ssl/{{ .Values.etcd.auth.tls.certFilename }}"
+ key: "/etcd-ssl/{{ .Values.etcd.auth.tls.certKeyFilename }}"
+ verify: {{ .Values.etcd.auth.tls.verify }}
+ {{- end }}
{{- if .Values.plugins }}
plugins: # plugin list
diff --git a/charts/apisix/templates/deployment.yaml b/charts/apisix/templates/deployment.yaml
index 9da03c6..44a5e9f 100644
--- a/charts/apisix/templates/deployment.yaml
+++ b/charts/apisix/templates/deployment.yaml
@@ -87,6 +87,10 @@ spec:
name: ssl
subPath: {{ .Values.gateway.tls.certCAFilename }}
{{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ - mountPath: /etcd-ssl
+ name: etcd-ssl
+ {{- end }}
{{- if .Values.customPlugins.enabled }}
{{- range $plugin := .Values.customPlugins.plugins }}
{{- range $mount := $plugin.configMap.mounts }}
@@ -113,6 +117,11 @@ spec:
secretName: {{ .Values.gateway.tls.existingCASecret | quote }}
name: ssl
{{- end }}
+ {{- if .Values.etcd.auth.tls.enabled }}
+ - secret:
+ secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
+ name: etcd-ssl
+ {{- end }}
{{- if .Values.customPlugins.enabled }}
{{- range $plugin := .Values.customPlugins.plugins }}
- name: plugin-{{ $plugin.configMap.name }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 93d323f..51c6252 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -257,6 +257,14 @@ etcd:
rbac:
# No authentication by default
enabled: false
+ user: ""
+ password: ""
+ tls:
+ enabled: false
+ existingSecret: ""
+ certFilename: ""
+ certKeyFilename: ""
+ verify: true
service:
port: 2379