This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 49166b0 fix: set etcd password correctly (#497)
49166b0 is described below
commit 49166b0adbffa7bd0840d9851650f768f756699b
Author: Sarasa Kisaragi <[email protected]>
AuthorDate: Tue Mar 7 14:55:36 2023 +0800
fix: set etcd password correctly (#497)
Signed-off-by: Ling Samuel (WSL) <[email protected]>
---
charts/apisix/README.md | 13 +++++++++----
charts/apisix/templates/configmap.yaml | 9 ++++++---
charts/apisix/values.yaml | 22 ++++++++++++++++++----
3 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index f0cb402..4a3d95a 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -101,6 +101,10 @@ The command removes all the Kubernetes components
associated with the chart and
| customPlugins.plugins[0].configMap | object |
`{"mounts":[{"key":"the-file-name","path":"mount-path"}],"name":"configmap-name"}`
| plugin codes can be saved inside configmap object. |
| customPlugins.plugins[0].configMap.mounts | list |
`[{"key":"the-file-name","path":"mount-path"}]` | since keys in configmap is
flat, mountPath allows to define the mount path, so that plugin codes can be
mounted hierarchically. |
| customPlugins.plugins[0].configMap.name | string | `"configmap-name"` | name
of configmap. |
+| dashboard.config.conf.etcd.endpoints | list | `["apisix-etcd:2379"]` |
Supports defining multiple etcd host addresses for an etcd cluster |
+| dashboard.config.conf.etcd.password | string | `nil` | Specifies etcd basic
auth password if enable etcd auth |
+| dashboard.config.conf.etcd.prefix | string | `"/apisix"` | apisix
configurations prefix |
+| dashboard.config.conf.etcd.username | string | `nil` | Specifies etcd basic
auth username if enable etcd auth |
| dashboard.enabled | bool | `false` | |
| deployment.certs | object |
`{"cert":"","cert_key":"","certsSecret":"","mTLSCACert":"","mTLSCACertSecret":""}`
| certs used for certificates in decoupled mode |
| deployment.certs.cert | string | `""` | cert name in certsSecret |
@@ -129,11 +133,10 @@ The command removes all the Kubernetes components
associated with the chart and
| dns.resolvers[5] | string | `"8.8.8.8"` | |
| dns.timeout | int | `5` | |
| dns.validity | int | `30` | |
-| etcd | object |
`{"auth":{"rbac":{"create":false,"password":"","user":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"enabled":true,"host":["http://etcd.host:2379"],"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30}`
| etcd configuration use the FQDN address or the IP of the etcd |
-| etcd.auth | object |
`{"rbac":{"create":false,"password":"","user":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}}`
| if etcd.enabled is true, set more values of bitnami/etcd helm chart |
+| etcd | object |
`{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"enabled":true,"host":["http://etcd.host:2379"],"password":"","prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30,"user":""}`
| etcd configuration use the FQDN address or the IP of the etcd |
+| etcd.auth | object |
`{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}}`
| if etcd.enabled is true, set more values of bitnami/etcd helm chart |
| etcd.auth.rbac.create | bool | `false` | No authentication by default.
Switch to enable RBAC authentication |
-| etcd.auth.rbac.password | string | `""` | root password for etcd |
-| etcd.auth.rbac.user | string | `""` | root username for etcd |
+| etcd.auth.rbac.rootPassword | string | `""` | root password for etcd.
Requires etcd.auth.rbac.create to be true. |
| etcd.auth.tls.certFilename | string | `""` | etcd client cert filename using
in etcd.auth.tls.existingSecret |
| etcd.auth.tls.certKeyFilename | string | `""` | etcd client cert key
filename using in etcd.auth.tls.existingSecret |
| etcd.auth.tls.enabled | bool | `false` | enable etcd client certificate |
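Review bot: the etcd.auth.rbac.rootPassword row does not say which account the password belongs to now that the etcd.auth.rbac.user row is removed. The configmap template in this commit sets `user: "root"` in this mode, so the description should state that the username is fixed to root and is no longer configurable.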
@@ -142,8 +145,10 @@ The command removes all the Kubernetes components
associated with the chart and
| etcd.auth.tls.verify | bool | `true` | whether to verify the etcd endpoint
certificate when setup a TLS connection to etcd |
| etcd.enabled | bool | `true` | install etcd(v3) by default, set false if do
not want to install etcd(v3) together |
| etcd.host | list | `["http://etcd.host:2379"]` | if etcd.enabled is false,
use external etcd, support multiple address, if your etcd cluster enables TLS,
please use https scheme, e.g. https://127.0.0.1:2379. |
+| etcd.password | string | `""` | if etcd.enabled is false, password for
external etcd. If etcd.enabled is true, use etcd.auth.rbac.rootPassword
instead. |
| etcd.prefix | string | `"/apisix"` | apisix configurations prefix |
| etcd.timeout | int | `30` | Set the timeout value in seconds for subsequent
socket operations from apisix to etcd cluster |
+| etcd.user | string | `""` | if etcd.enabled is false, username for external
etcd. If etcd.enabled is true, use etcd.auth.rbac.rootPassword instead. |
| extPlugin.cmd | list | `["/path/to/apisix-plugin-runner/runner","run"]` |
the command and its arguements to run as a subprocess |
| extPlugin.enabled | bool | `false` | Enable External Plugins. See [external
plugin](https://apisix.apache.org/docs/apisix/next/external-plugin/) |
| extraInitContainers | list | `[]` | Additional `initContainers`, See
[Kubernetes
initContainers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)
for the detail. |
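Review bot: the new etcd.user row says "use etcd.auth.rbac.rootPassword instead", which is copied from the etcd.password row and does not fit a username. With the bundled etcd the template hard-codes `user: "root"`, so the row should say that, and the same sentence needs fixing in the values.yaml comment this row mirrors.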
diff --git a/charts/apisix/templates/configmap.yaml
b/charts/apisix/templates/configmap.yaml
index df33828..ca52b1c 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -332,9 +332,12 @@ data:
{{- end }}
prefix: {{ .Values.etcd.prefix | quote }} # configuration prefix in
etcd
timeout: {{ .Values.etcd.timeout }} # 30 seconds
- {{- if .Values.etcd.auth.rbac.create }}
- user: {{ .Values.etcd.auth.rbac.user | quote }}
- password: {{ .Values.etcd.auth.rbac.password | quote }}
+ {{- if and (not .Values.etcd.enabled) .Values.etcd.user }}
+ user: {{ .Values.etcd.user | quote }}
+ password: {{ .Values.etcd.password | quote }}
+ {{- else if and .Values.etcd.enabled .Values.etcd.auth.rbac.create }}
+ user: "root"
+ password: {{ .Values.etcd.auth.rbac.rootPassword | quote }}
{{- end }}
{{- if .Values.etcd.auth.tls.enabled }}
tls:
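Review bot: the external-etcd branch at `{{- if and (not .Values.etcd.enabled) .Values.etcd.user }}` tests only etcd.user, so a values file that sets etcd.password without etcd.user renders no credentials and raises no error, and one that sets etcd.user alone renders `password: ""`. The second branch has the same gap when etcd.auth.rbac.rootPassword is left at its empty default. Consider passing the password lookups through `required` so a half-configured pair fails at render time. Separately, both branches write the password in clear text into the ConfigMap's data; reading it from a Secret would keep it away from anyone who can read ConfigMaps in the namespace.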
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 5ad3f1f..e20abee 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -573,6 +573,10 @@ etcd:
host:
# host or ip e.g. http://172.20.128.89:2379
- http://etcd.host:2379
+ # -- if etcd.enabled is false, username for external etcd. If etcd.enabled
is true, use etcd.auth.rbac.rootPassword instead.
+ user: ""
+ # -- if etcd.enabled is false, password for external etcd. If etcd.enabled
is true, use etcd.auth.rbac.rootPassword instead.
+ password: ""
# -- apisix configurations prefix
prefix: "/apisix"
# -- Set the timeout value in seconds for subsequent socket operations from
apisix to etcd cluster
@@ -583,10 +587,8 @@ etcd:
rbac:
# -- No authentication by default. Switch to enable RBAC authentication
create: false
- # -- root username for etcd
- user: ""
- # -- root password for etcd
- password: ""
+ # -- root password for etcd. Requires etcd.auth.rbac.create to be true.
+ rootPassword: ""
tls:
# -- enable etcd client certificate
enabled: false
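Review bot: removing `user` and `password` under etcd.auth.rbac is a breaking rename with no guard. An existing values file that still sets etcd.auth.rbac.password is accepted and ignored, and the configmap template then renders an empty password (bundled etcd) or no credentials at all (external etcd). Suggest a `fail` check in the templates when the old keys are present, or at least an upgrade note in the comment above `rootPassword`.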
@@ -608,6 +610,18 @@ etcd:
dashboard:
enabled: false
+ config:
+ conf:
+ etcd:
+ # -- Supports defining multiple etcd host addresses for an etcd cluster
+ endpoints:
+ - apisix-etcd:2379
+ # -- apisix configurations prefix
+ prefix: "/apisix"
+ # -- Specifies etcd basic auth username if enable etcd auth
+ username: ~
+ # -- Specifies etcd basic auth password if enable etcd auth
+ password: ~
# -- Ingress controller configuration
ingress-controller:
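Review bot: the dashboard.config.conf.etcd block introduces a second, independent set of etcd credentials, and nothing in its comments ties `username`/`password` to etcd.user/etcd.password or etcd.auth.rbac.rootPassword. Once auth is enabled the two sets have to be kept in sync by hand, so say that in the comments. The `apisix-etcd:2379` endpoint is also a literal that will not follow etcd.host; the comment should tell users to change it when they point APISIX at an external etcd.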