You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/10/14 00:02:13 UTC
[GitHub] [apisix-ingress-controller] haowang-pony opened a new issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
haowang-pony opened a new issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710
### Issue description
I want to set the default_cluster_admin_key from env variable. I have such config.yaml file and set the `ADMIN_PASSWORD` as env. And I mount the config.yaml as configMap for my apisix-ingress-controller pods. but the config.yaml couldn't read the `ADMIN_PASSWORD` from os environment.
apisix-ingress-controller config.yaml
```
apisix:
default_cluster_base_url: "http://apisix-admin.ingress-apisix:9180/apisix/admin"
default_cluster_admin_key: "${ADMIN_PASSWORD}"
log_level: "debug"
log_output: "stderr"
http_listen: ":8080"
enable_profiling: true
kubernetes:
kubeconfig: ""
resync_interval: "30s"
app_namespaces:
- "*"
ingress_class: "apisix"
ingress_version: "networking/v1"
apisix_route_version: "apisix.apache.org/v2beta1"
```
env config
```
env:
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: apisix-admin-secret
```
But the interesting thing is: my apisix config.yaml file could correctly read `ADMIN_PASSWORD` from environment.
apisix config.yaml
```
apisix:
node_listen: 9080 # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0
port_admin: 9180
admin_key:
# admin: can everything for configuration data
- name: "${ADMIN_USERNAME}"
key: ${ADMIN_PASSWORD}
role: admin
# viewer: only can view configuration data
- name: "${VIEWER_USERNAME}"
key: ${VIEWER_PASSWORD}
role: viewer
```
### Environment
* your apisix-ingress-controller version (output of `apisix-ingress-controller version --long`); 1.2.0
* your Kubernetes cluster version (output of `kubectl version`); v1.20.11
* if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (`uname -a`). Linux apisix-ingress-controller-6d46bd8c5c-fwzjq 5.4.0-45-generic #49~18.04.2-Ubuntu SMP Wed Aug 26 16:29:02 UTC 2020 x86_64 Linux
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] nic-6443 commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
nic-6443 commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942889283
Using command is OK, but it will make the deployment yaml a bit more complicated. What we use in the helm chart is configmap for configuration file, I don't know why you didn't use it?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] nic-6443 commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
nic-6443 commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942898133
> > Using command is OK, but it will make the deployment yaml a bit more complicated. What we use in the helm chart is configmap for configuration file, I don't know why you didn't use it?
>
> As for helm chart, I used it when I did poc of apisix. However, as for production use, our company prefer to use deployment yaml directly.
>
> As for configMap, actaully my first choice is configMap. However, just as I said in the begainning, when I mount the configMap as config.yaml, the config.yaml couldn't set the `${ADMIN_PASSWORD}` from environment variable. And for production use, considering security, we definitely don't set the `default_cluster_admin_key` directly in configMap. Therefore I have to use command. It allow me to use `${ADMIN_PASSWORD}` from environment variable
OK, then I think it can be specified temporarily by command. Another way is to build a docker image (`FROM apisix-ingress-controller`), add a startup script, and use the `envsubst` tool in the script to replace the environment variables in the configuration file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] haowang-pony removed a comment on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
haowang-pony removed a comment on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942895022
And as for why I couldn't use ${environment variable} in the apisix-ingress-controoler config.yaml, I suspend this is because the apisix-ingress-controller doesn't support bash.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] haowang-pony commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
haowang-pony commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942895022
And as for why I couldn't use ${environment variable} in the apisix-ingress-controoler config.yaml, I suspend this is because the apisix-ingress-controller doesn't support bash.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] haowang-pony commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
haowang-pony commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942904222
> > > Using command is OK, but it will make the deployment yaml a bit more complicated. What we use in the helm chart is configmap for configuration file, I don't know why you didn't use it?
> >
> >
> > As for helm chart, I used it when I did poc of apisix. However, as for production use, our company prefer to use deployment yaml directly.
> > As for configMap, actaully my first choice is configMap. However, just as I said in the begainning, when I mount the configMap as config.yaml, the config.yaml couldn't set the `${ADMIN_PASSWORD}` from environment variable. And for production use, considering security, we definitely don't set the `default_cluster_admin_key` directly in configMap. Therefore I have to use command. It allow me to use `${ADMIN_PASSWORD}` from environment variable
>
> OK, then I think it can be specified temporarily by command. Another way is to build a docker image (`FROM apisix-ingress-controller`), add a startup script, and use the `envsubst` tool in the script to replace the environment variables in the configuration file.
This is a very good suggestion! Thanks a lot!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 closed issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
tao12345666333 closed issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] nic-6443 commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
nic-6443 commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942877491
This is normal, because apisix and apisix-ingress-controller are two independent software. The former supports the use of environment variables when parsing configuration files( [code link](https://github.com/apache/apisix/blob/master/apisix/cli/file.lua#L55-L55) ), and the latter has not been implemented.
Of course this is a nice feature, we can consider supporting it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
tao12345666333 commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-977999448
#745 has been merged. This feature has been implemented, I will close this issue. Feel free to reopen it, if you have any questions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] haowang-pony edited a comment on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
haowang-pony edited a comment on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942887452
> This is normal, because apisix and apisix-ingress-controller are two independent software. The former supports the use of environment variables when parsing configuration files( [code link](https://github.com/apache/apisix/blob/master/apisix/cli/file.lua#L55-L55) ), and the latter has not been implemented. Of course this is a nice feature, we can consider supporting it.
Thanks for quick response! Looking forward to this feature.
And could I just use the k8s command flags to config the apisix-ingress-controller. Is this recommend practice before this feature?
```
command=[
"/ingress-apisix/apisix-ingress-controller",
"ingress",
"--log-level",
"debug",
"--log-output",
"stderr",
"--http-listen",
":8080",
// namespaces that controller will watch for resources
"--app-namespace",
"*",
"--apisix-route-version",
"apisix.apache.org/v2beta1",
"--default-apisix-cluster-base-url",
"http://apisix-admin.ingress-apisix:9180/apisix/admin",
"--default-apisix-cluster-admin-key",
"$(ADMIN_PASSWORD)",
],
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] haowang-pony edited a comment on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
haowang-pony edited a comment on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942893009
> Using command is OK, but it will make the deployment yaml a bit more complicated. What we use in the helm chart is configmap for configuration file, I don't know why you didn't use it?
As for helm chart, I used it when I did poc of apisix. However, as for production use, our company prefer to use deployment yaml directly.
As for configMap, actaully my first choice is configMap. However, just as I said in the begainning, when I mount the configMap as config.yaml, the config.yaml couldn't set the `${ADMIN_PASSWORD}` from environment variable. And for production use, considering security, we definitely don't set the `default_cluster_admin_key` directly in configMap. Therefore I have to use command. It allow me to use `${ADMIN_PASSWORD}` from environment variable
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] haowang-pony commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
haowang-pony commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942887452
> This is normal, because apisix and apisix-ingress-controller are two independent software. The former supports the use of environment variables when parsing configuration files( [code link](https://github.com/apache/apisix/blob/master/apisix/cli/file.lua#L55-L55) ), and the latter has not been implemented. Of course this is a nice feature, we can consider supporting it.
Thanks for quick response! Looking forward to this feature.
And could I just use the k8s command flags to config the apisix-ingress-controller. Is this recommend practice before this feature?
```
command=[
"/ingress-apisix/apisix-ingress-controller",
"ingress",
"--log-level",
"debug",
"--log-output",
"stderr",
"--http-listen",
":8080",
// namespaces that controller will watch for resources
"--app-namespace",
"*",
"--apisix-route-version",
"apisix.apache.org/v2beta1",
"--default-apisix-cluster-base-url",
"http://apisix-admin.ingress-apisix:9180/apisix/admin",
"--default-apisix-cluster-admin-key",
"$(ADMIN_PASSWORD)",
],
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] haowang-pony commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
haowang-pony commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942893009
> Using command is OK, but it will make the deployment yaml a bit more complicated. What we use in the helm chart is configmap for configuration file, I don't know why you didn't use it?
As for helm chart, I used it when I did experimental. However, as for production use, our company prefer to use deployment yaml directly.
As for configMap, actaully my first choice is configMap. However, just as I said in the begainning, when I mount the configMap as config.yaml, the config.yaml couldn't set the `${ADMIN_PASSWORD}` from environment variable. And for production use, considering security, we definitely don't set the `default_cluster_admin_key` directly in configMap. Therefore I have to use command. It allow me to use `${ADMIN_PASSWORD}` from environment variable
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] nic-6443 commented on issue #710: request help: Apisix ingress controller config.yaml couldn't read os environment variable
Posted by GitBox <gi...@apache.org>.
nic-6443 commented on issue #710:
URL: https://github.com/apache/apisix-ingress-controller/issues/710#issuecomment-942898461
> And as for why I couldn't use ${environment variable} in the apisix-ingress-controoler config.yaml, I suspend this is because the apisix-ingress-controller doesn't support bash.
The configuration file is parsed directly through the golang code, without bash.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org