Posted to notifications@apisix.apache.org by zh...@apache.org on 2023/04/07 09:31:31 UTC
[apisix-helm-chart] branch master updated: feat: support configuring APISIX admin_key via secret (#530)
This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 23b991a feat: support configuring APISIX admin_key via secret (#530)
23b991a is described below
commit 23b991aa41797c267a070cff1e8043c2e9f20399
Author: Jintao Zhang <zh...@gmail.com>
AuthorDate: Fri Apr 7 17:31:26 2023 +0800
feat: support configuring APISIX admin_key via secret (#530)
Signed-off-by: Jintao Zhang <zh...@gmail.com>
---
charts/apisix/README.md | 3 ++-
charts/apisix/templates/_pod.tpl | 14 ++++++++++++++
charts/apisix/templates/configmap.yaml | 8 ++++++++
charts/apisix/values.yaml | 4 ++++
4 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 1c8c2ac..642ae4b 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -42,8 +42,9 @@ The command removes all the Kubernetes components associated with the chart and
|-----|------|---------|-------------|
| admin.allow.ipList | list | `["127.0.0.1/24"]` | The client IP CIDR allowed to access Apache APISIX Admin API service. |
| admin.cors | bool | `true` | Admin API support CORS response headers |
-| admin.credentials | object | `{"admin":"edd1c9f034335f136f87ad84b625c8f1","viewer":"4054f7cf07e344346cd3f287985e76a2"}` | Admin API credentials |
+| admin.credentials | object | `{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretName":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}` | Admin API credentials |
| admin.credentials.admin | string | `"edd1c9f034335f136f87ad84b625c8f1"` | Apache APISIX admin API admin role credentials |
+| admin.credentials.secretName | string | `""` | The APISIX Helm chart supports storing user credentials in a secret. The secret needs to contain two keys, admin and viewer, with their respective values set. |
| admin.credentials.viewer | string | `"4054f7cf07e344346cd3f287985e76a2"` | Apache APISIX admin API viewer role credentials |
| admin.enabled | bool | `true` | Enable Admin API |
| admin.externalIPs | list | `[]` | IPs for which nodes in the cluster will also accept traffic for the servic |
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
index 49db791..50f2732 100644
--- a/charts/apisix/templates/_pod.tpl
+++ b/charts/apisix/templates/_pod.tpl
@@ -40,6 +40,20 @@ spec:
{{- if .Values.apisix.extraEnvVars }}
{{- include "apisix.tplvalues.render" (dict "value" .Values.apisix.extraEnvVars "context" $) | nindent 8 }}
{{- end }}
+
+ {{- if .Values.admin.credentials.secretName }}
+ - name: APISIX_ADMIN_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.admin.credentials.secretName }}
+ key: admin
+ - name: APISIX_VIEWER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.admin.credentials.secretName }}
+ key: viewer
+ {{- end }}
+
ports:
- name: http
containerPort: {{ .Values.gateway.http.containerPort }}
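Review bot: The secret name is interpolated unquoted at both `secretKeyRef` entries, so a value that YAML reads as a number or boolean would render a manifest the API server rejects. Quoting it keeps it a string: `name: {{ .Values.admin.credentials.secretName | quote }}`. The two entries are also appended after `extraEnvVars`, so an `APISIX_ADMIN_KEY` already supplied there would appear twice in the list; a short comment above the block saying that `secretName` owns these two variable names would make that clear. The `env:` key and the rest of the container spec lie outside this hunk.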
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 5549089..5fc970b 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -310,11 +310,19 @@ data:
admin_key:
# admin: can everything for configuration data
- name: "admin"
+ {{- if .Values.admin.credentials.secretName }}
+ key: "{{"{{"}}APISIX_ADMIN_KEY{{"}}"}}"
+ {{- else }}
key: {{ .Values.admin.credentials.admin }}
+ {{- end }}
role: admin
# viewer: only can view configuration data
- name: "viewer"
+ {{- if .Values.admin.credentials.secretName }}
+ key: "{{"{{"}}APISIX_VIEWER_KEY{{"}}"}}"
+ {{- else }}
key: {{ .Values.admin.credentials.viewer }}
+ {{- end }}
role: viewer
{{- if not (eq .Values.deployment.role "data_plane") }}
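Review bot: The placeholder emitted at `key: "{{"{{"}}APISIX_ADMIN_KEY{{"}}"}}"` renders as `{{APISIX_ADMIN_KEY}}`, whereas the environment-variable substitution APISIX documents for config.yaml is written `${{VAR}}`. If the deployed APISIX version does not resolve the form without `$`, the placeholder text itself becomes the Admin API key, a fixed value anyone can guess. It is worth confirming against the supported APISIX versions, or emitting `key: "${{"{{"}}APISIX_ADMIN_KEY{{"}}"}}"`. The viewer entry has the same form. The `admin_key` block starts outside this hunk.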
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 09c7dd5..1569d26 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -308,6 +308,10 @@ admin:
# -- Apache APISIX admin API viewer role credentials
viewer: 4054f7cf07e344346cd3f287985e76a2
+ # -- The APISIX Helm chart supports storing user credentials in a secret.
+ # The secret needs to contain two keys, admin and viewer, with their respective values set.
+ secretName: ""
+
allow:
# -- The client IP CIDR allowed to access Apache APISIX Admin API service.
ipList:
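Review bot: The comment on `secretName` does not say how it interacts with the inline `admin` and `viewer` values, which remain in the chart as published defaults. Going by the configmap change in this commit, those values are ignored once `secretName` is set and are used whenever it is empty, so an install left at defaults keeps the keys that are printed in the README. I would extend the comment with `# When set, the admin and viewer values above are ignored; the secret must exist in the release namespace.` and add a line recommending that the default keys be overridden when no secret is used.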