This is an automated email from the ASF dual-hosted git repository.
gallardot pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 97c26c0 fix: update dashboard, etc, ingresss versions, fix broken
features af… (#752)
97c26c0 is described below
commit 97c26c0e802debaf0b5552763e19591a6ac25427
Author: ikatlinsky <[email protected]>
AuthorDate: Tue Jun 4 12:01:07 2024 +0200
fix: update dashboard, etc, ingresss versions, fix broken features af…
(#752)
* fix: update dashboard, etc, ingresss versions, fix broken features after
merge of v2
* chore: fix indentation for apisix dpeloyment annotations
* fix: disable default security context for embedded etcd
* chore: increase chart version to 2.8.0
* chore: fix new line absence in _helpers.tpl
---------
Co-authored-by: Katlinsky, Ilya <[email protected]>
---
charts/apisix/Chart.lock | 10 +++++-----
charts/apisix/Chart.yaml | 8 ++++----
charts/apisix/README.md | 7 +++++--
charts/apisix/charts/apisix-dashboard-0.8.1.tgz | Bin 7143 -> 0 bytes
charts/apisix/charts/apisix-dashboard-0.8.2.tgz | Bin 0 -> 8013 bytes
.../charts/apisix-ingress-controller-0.13.0.tgz | Bin 20799 -> 0 bytes
.../charts/apisix-ingress-controller-0.14.0.tgz | Bin 0 -> 21599 bytes
charts/apisix/charts/etcd-8.7.7.tgz | Bin 43592 -> 0 bytes
charts/apisix/charts/etcd-9.7.3.tgz | Bin 0 -> 44977 bytes
charts/apisix/templates/_helpers.tpl | 22 +++++++++++++++++++++
charts/apisix/templates/deployment.yaml | 10 ++++------
charts/apisix/values.yaml | 9 +++++++++
12 files changed, 49 insertions(+), 17 deletions(-)
diff --git a/charts/apisix/Chart.lock b/charts/apisix/Chart.lock
index 632b1d7..fe7b0bf 100644
--- a/charts/apisix/Chart.lock
+++ b/charts/apisix/Chart.lock
@@ -1,12 +1,12 @@
dependencies:
- name: etcd
repository: https://charts.bitnami.com/bitnami
- version: 8.7.7
+ version: 9.7.3
- name: apisix-dashboard
repository: https://charts.apiseven.com
- version: 0.8.1
+ version: 0.8.2
- name: apisix-ingress-controller
repository: https://charts.apiseven.com
- version: 0.13.0
-digest: sha256:6ca1fc0eb06fef4d4502a3153ed77c9cd5a382ebe65e676791afe4272ac7c796
-generated: "2023-12-14T20:21:52.603033345+02:00"
+ version: 0.14.0
+digest: sha256:8d727979670a2b62af7672c36ebb2a4d294bc967b16fb5d1e144ed77c948062d
+generated: "2024-04-29T09:07:03.535941+02:00"
diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml
index 8c88599..0d390e0 100644
--- a/charts/apisix/Chart.yaml
+++ b/charts/apisix/Chart.yaml
@@ -31,7 +31,7 @@ type: application
# This is the chart version. This version number should be incremented each
time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.7.0
+version: 2.8.0
# This is the version number of the application being deployed. This version
number should be
# incremented each time you make changes to the application. Versions are not
expected to
@@ -42,16 +42,16 @@ sources:
dependencies:
- name: etcd
- version: 8.7.7
+ version: 9.7.3
repository: https://charts.bitnami.com/bitnami
condition: etcd.enabled
- name: apisix-dashboard
- version: 0.8.1
+ version: 0.8.2
repository: https://charts.apiseven.com
condition: dashboard.enabled
alias: dashboard
- name: apisix-ingress-controller
- version: 0.13.0
+ version: 0.14.0
repository: https://charts.apiseven.com
condition: ingress-controller.enabled
alias: ingress-controller
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index ce40aba..0d17866 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -43,9 +43,11 @@ The command removes all the Kubernetes components associated
with the chart and
| affinity | object | `{}` | Set affinity for Apache APISIX deploy |
| apisix.admin.allow.ipList | list | `["127.0.0.1/24"]` | The client IP CIDR
allowed to access Apache APISIX Admin API service. |
| apisix.admin.cors | bool | `true` | Admin API support CORS response headers |
-| apisix.admin.credentials | object |
`{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretName":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}`
| Admin API credentials |
+| apisix.admin.credentials | object |
`{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretAdminKey":"","secretName":"","secretViewerKey":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}`
| Admin API credentials |
| apisix.admin.credentials.admin | string |
`"edd1c9f034335f136f87ad84b625c8f1"` | Apache APISIX admin API admin role
credentials |
+| apisix.admin.credentials.secretAdminKey | string | `""` | Name of the admin
role key in the secret, overrides the default key name "admin" |
| apisix.admin.credentials.secretName | string | `""` | The APISIX Helm chart
supports storing user credentials in a secret. The secret needs to contain two
keys, admin and viewer, with their respective values set. |
+| apisix.admin.credentials.secretViewerKey | string | `""` | Name of the
viewer role key in the secret, overrides the default key name "viewer" |
| apisix.admin.credentials.viewer | string |
`"4054f7cf07e344346cd3f287985e76a2"` | Apache APISIX admin API viewer role
credentials |
| apisix.admin.enabled | bool | `true` | Enable Admin API |
| apisix.admin.externalIPs | list | `[]` | IPs for which nodes in the cluster
will also accept traffic for the servic |
@@ -138,7 +140,7 @@ The command removes all the Kubernetes components
associated with the chart and
| dashboard.config.conf.etcd.prefix | string | `"/apisix"` | apisix
configurations prefix |
| dashboard.config.conf.etcd.username | string | `nil` | Specifies etcd basic
auth username if enable etcd auth |
| dashboard.enabled | bool | `false` | |
-| etcd | object |
`{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"enabled":true,"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30}`
| etcd configuration use the FQDN address or the IP of the etcd |
+| etcd | object |
`{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"containerSecurityContext":{"enabled":false},"enabled":true,"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30}`
| etcd configuration use the FQDN address or the IP of the etcd |
| etcd.auth | object |
`{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}}`
| if etcd.enabled is true, set more values of bitnami/etcd helm chart |
| etcd.auth.rbac.create | bool | `false` | No authentication by default.
Switch to enable RBAC authentication |
| etcd.auth.rbac.rootPassword | string | `""` | root password for etcd.
Requires etcd.auth.rbac.create to be true. |
@@ -148,6 +150,7 @@ The command removes all the Kubernetes components
associated with the chart and
| etcd.auth.tls.existingSecret | string | `""` | name of the secret contains
etcd client cert |
| etcd.auth.tls.sni | string | `""` | specify the TLS Server Name Indication
extension, the ETCD endpoint hostname will be used when this setting is unset. |
| etcd.auth.tls.verify | bool | `true` | whether to verify the etcd endpoint
certificate when setup a TLS connection to etcd |
+| etcd.containerSecurityContext | object | `{"enabled":false}` | added for
backward compatibility with old kubernetes versions, as seccompProfile is not
supported in kubernetes < 1.19 |
| etcd.enabled | bool | `true` | install etcd(v3) by default, set false if do
not want to install etcd(v3) together |
| etcd.prefix | string | `"/apisix"` | apisix configurations prefix |
| etcd.timeout | int | `30` | Set the timeout value in seconds for subsequent
socket operations from apisix to etcd cluster |
diff --git a/charts/apisix/charts/apisix-dashboard-0.8.1.tgz
b/charts/apisix/charts/apisix-dashboard-0.8.1.tgz
deleted file mode 100644
index 0a93cd5..0000000
Binary files a/charts/apisix/charts/apisix-dashboard-0.8.1.tgz and /dev/null
differ
diff --git a/charts/apisix/charts/apisix-dashboard-0.8.2.tgz
b/charts/apisix/charts/apisix-dashboard-0.8.2.tgz
new file mode 100644
index 0000000..3a9992e
Binary files /dev/null and b/charts/apisix/charts/apisix-dashboard-0.8.2.tgz
differ
diff --git a/charts/apisix/charts/apisix-ingress-controller-0.13.0.tgz
b/charts/apisix/charts/apisix-ingress-controller-0.13.0.tgz
deleted file mode 100644
index 6f741aa..0000000
Binary files a/charts/apisix/charts/apisix-ingress-controller-0.13.0.tgz and
/dev/null differ
diff --git a/charts/apisix/charts/apisix-ingress-controller-0.14.0.tgz
b/charts/apisix/charts/apisix-ingress-controller-0.14.0.tgz
new file mode 100644
index 0000000..9d8693f
Binary files /dev/null and
b/charts/apisix/charts/apisix-ingress-controller-0.14.0.tgz differ
diff --git a/charts/apisix/charts/etcd-8.7.7.tgz
b/charts/apisix/charts/etcd-8.7.7.tgz
deleted file mode 100644
index 5f68f5d..0000000
Binary files a/charts/apisix/charts/etcd-8.7.7.tgz and /dev/null differ
diff --git a/charts/apisix/charts/etcd-9.7.3.tgz
b/charts/apisix/charts/etcd-9.7.3.tgz
new file mode 100644
index 0000000..dd19be3
Binary files /dev/null and b/charts/apisix/charts/etcd-9.7.3.tgz differ
diff --git a/charts/apisix/templates/_helpers.tpl
b/charts/apisix/templates/_helpers.tpl
index 1b92060..7dd454a 100644
--- a/charts/apisix/templates/_helpers.tpl
+++ b/charts/apisix/templates/_helpers.tpl
@@ -135,3 +135,25 @@ Return the password key name of etcd secret
{{- print .Values.externalEtcd.secretPasswordKey }}
{{- end }}
{{- end -}}
+
+{{/*
+Key to use to fetch admin token from secret
+*/}}
+{{- define "apisix.admin.credentials.secretAdminKey" -}}
+{{- if .Values.admin.credentials.secretAdminKey }}
+{{- .Values.admin.credentials.secretAdminKey }}
+{{- else }}
+{{- "admin" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Key to use to fetch viewer token from secret
+*/}}
+{{- define "apisix.admin.credentials.secretViewerKey" -}}
+{{- if .Values.admin.credentials.secretViewerKey }}
+{{- .Values.admin.credentials.secretViewerKey }}
+{{- else }}
+{{- "viewer" }}
+{{- end }}
+{{- end }}
diff --git a/charts/apisix/templates/deployment.yaml
b/charts/apisix/templates/deployment.yaml
index 2a92928..07734c3 100644
--- a/charts/apisix/templates/deployment.yaml
+++ b/charts/apisix/templates/deployment.yaml
@@ -38,10 +38,8 @@ spec:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath
"/configmap.yaml") . | sha256sum }}
- {{- if .Values.podAnnotations }}
- {{- range $key, $value := $.Values.podAnnotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{ tpl (toYaml .) $ | nindent 8 }}
{{- end }}
labels:
{{- include "apisix.selectorLabels" . | nindent 8 }}
@@ -85,12 +83,12 @@ spec:
valueFrom:
secretKeyRef:
name: {{ .Values.apisix.admin.credentials.secretName }}
- key: admin
+ key: {{ include "apisix.admin.credentials.secretAdminKey" .
}}
- name: APISIX_VIEWER_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.apisix.admin.credentials.secretName }}
- key: viewer
+ key: {{ include "apisix.admin.credentials.secretViewerKey" .
}}
{{- end }}
{{- if or (and .Values.etcd.enabled .Values.etcd.auth.rbac.create)
(and (not .Values.etcd.enabled) .Values.externalEtcd.user) }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 7020cde..1b5241e 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -333,6 +333,10 @@ apisix:
# -- The APISIX Helm chart supports storing user credentials in a secret.
# The secret needs to contain two keys, admin and viewer, with their
respective values set.
secretName: ""
+ # -- Name of the admin role key in the secret, overrides the default key
name "admin"
+ secretAdminKey: ""
+ # -- Name of the viewer role key in the secret, overrides the default
key name "viewer"
+ secretViewerKey: ""
allow:
# -- The client IP CIDR allowed to access Apache APISIX Admin API
service.
@@ -566,6 +570,11 @@ etcd:
# -- specify the TLS Server Name Indication extension, the ETCD endpoint
hostname will be used when this setting is unset.
sni: ""
+ # -- ref:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ # -- added for backward compatibility with old kubernetes versions, as
seccompProfile is not supported in kubernetes < 1.19
+ containerSecurityContext:
+ enabled: false
+
service:
port: 2379
