marcuskrantz commented on issue #476: URL: https://github.com/apache/apisix-helm-chart/issues/476#issuecomment-1439783899
I'll explain my full use case:

We install apisix according to installation instructions at: https://apisix.apache.org/docs/ingress-controller/deployments/aws/

When we reach: https://apisix.apache.org/docs/ingress-controller/deployments/aws/#change-default-keys

```
--set ingress-controller.config.apisix.adminKey=ADMIN_KEY_GENERATED_BY_YOURSELF \
--set admin.credentials.admin=ADMIN_KEY_GENERATED_BY_YOURSELF \
--set admin.credentials.viewer=VIEWER_KEY_GENERATED_BY_YOURSELF
```

Here, things start to become a problem because:

1) Our clusters are immutable and automated, and
2) we are not allowed to commit any credentials in source code whatsoever.

This could be solved by either letting the build job generate these secrets when a new cluster is set up, or we have to do this manually for each new cluster we set up.

What we would like to do instead is to configure APISIX to read these keys from a Kubernetes secret instead of passing them as arguments to helm install, because we use https://external-secrets.io to provision secrets to Kubernetes which originate from AWS Secrets Manager. So we would much rather do:

1) Create ADMIN_KEY, VIEWER_KEY in AWS Secrets Manager
2) External-secrets reads these from AWS and creates a Kubernetes secret
3) APISIX reads these values from the secret created in step 2.

This would allow us to fully automate the cluster setup without any manual step and no secrets committed to source code.
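Steps 1 and 2 of the flow described in the comment above, as an added External Secrets Operator manifest that is not part of the original comment or the apisix-helm-chart project. The resource names, namespace, region, service account and AWS secret name are assumptions, the `apiVersion` depends on the installed operator version, and step 3 (the chart reading this Secret) is the feature the issue asks for, so it is not shown.

```yaml
# SecretStore: tells External Secrets Operator how to reach AWS Secrets Manager.
# All names below are hypothetical placeholders.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets-manager
  namespace: ingress-apisix
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-north-1              # assumed region
      auth:
        jwt:
          serviceAccountRef:
            name: external-secrets-sa # service account bound to an IAM role (IRSA)
---
# ExternalSecret: copies two properties of one AWS secret into a Kubernetes Secret.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: apisix-admin-keys
  namespace: ingress-apisix
spec:
  refreshInterval: 1h                 # re-sync so a key rotated in AWS propagates
  secretStoreRef:
    kind: SecretStore
    name: aws-secrets-manager
  target:
    name: apisix-admin-keys           # Kubernetes Secret the operator creates
    creationPolicy: Owner             # Secret is deleted with the ExternalSecret
  data:
    - secretKey: admin                # key inside the Kubernetes Secret
      remoteRef:
        key: apisix/admin-keys        # assumed AWS Secrets Manager secret name
        property: ADMIN_KEY           # JSON property inside that secret
    - secretKey: viewer
      remoteRef:
        key: apisix/admin-keys
        property: VIEWER_KEY
```

With this in place the key values exist only in AWS Secrets Manager and in the cluster's Secret object, never in the Helm values or the repository.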
