vichaos commented on PR #885:
URL: https://github.com/apache/apisix-helm-chart/pull/885#issuecomment-3421847334

Hi @AlinsRan and team! 👋

First, thank you for this excellent fix! This addresses a critical security issue we've been experiencing in our production environment.

## Our Current Situation

We're currently using APISIX Helm chart version **2.12.1** and encountering the exact issue this PR fixes. When we configure the GatewayProxy to use secret-based authentication, the generated resource includes both the hardcoded admin key and our secret reference:

```yaml
apiVersion: apisix.apache.org/v1alpha1
kind: GatewayProxy
spec:
  provider:
    controlPlane:
      auth:
        adminKey:
          value: edd1c9f034335f136f87ad84b625c8f1  # ❌ Hardcoded default
          valueFrom:
            secretKeyRef:
              key: ADMIN_KEY
              name: apisix-private
```

This creates security concerns as the hardcoded admin key appears alongside our intended secret-based authentication.

## Our Configuration

```yaml
gatewayProxy:
  provider:
    controlPlane:
      auth:
        type: AdminKey
        adminKey:
          valueFrom:
            secretKeyRef:
              name: apisix-private
              key: ADMIN_KEY
```

## Questions

1. **Release Timeline**: When can we expect this fix to be available in a released chart version? Will it be in 2.12.2 or 2.13.0?

2. **Workaround Confirmation**: In the meantime, we've implemented the same conditional logic fix locally. Can you confirm this is the recommended approach until the official release?

## Impact

This issue affects anyone using secret-based authentication for GatewayProxy in production environments, as it exposes hardcoded credentials alongside the intended secret references.

Thank you again for addressing this issue! Looking forward to the official release. 🙏

---
**Environment Details:**
- Chart Version: 2.12.1
- APISIX Version: 3.14.1
- Use Case: Production deployment with secret-based admin authentication
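Added example, not code from the comment or from the chart itself: a Go text/template model of the failure described above (Helm keeps the chart's default `adminKey.value` beside a user-supplied `valueFrom` after merging values) and of the conditional-logic fix the commenter mentions. The two template fragments, `mergedValues`, `Render` and `LeaksDefault` are hypothetical stand-ins for the chart's own template; the default key and secret names are the ones quoted in the comment.

```go
package main

import (
	"bytes"
	"strings"
	"text/template"
)

// Merged values: Helm layers user overrides onto chart defaults map by map, so the
// default "value" (the key quoted in the comment) survives beside the user's "valueFrom".
func mergedValues() map[string]any {
	return map[string]any{"adminKey": map[string]any{
		"value": "edd1c9f034335f136f87ad84b625c8f1",
		"valueFrom": map[string]any{"secretKeyRef": map[string]any{
			"name": "apisix-private", "key": "ADMIN_KEY"}},
	}}
}

// Buggy shape (hypothetical): each key is rendered on its own, so both land in the manifest.
const naiveTmpl = `adminKey:
{{- with .adminKey.value }}
  value: {{ . }}
{{- end }}
{{- with .adminKey.valueFrom }}
  valueFrom:
    secretKeyRef: {name: {{ .secretKeyRef.name }}, key: {{ .secretKeyRef.key }}}
{{- end }}
`

// Fixed shape: a secret reference takes precedence; the literal is only a fallback.
const fixedTmpl = `adminKey:
{{- with .adminKey.valueFrom }}
  valueFrom:
    secretKeyRef: {name: {{ .secretKeyRef.name }}, key: {{ .secretKeyRef.key }}}
{{- else }}
  value: {{ .adminKey.value }}
{{- end }}
`

// Render executes one of the fragments above against the merged values.
func Render(tmpl string, values map[string]any) string {
	var buf bytes.Buffer
	if err := template.Must(template.New("auth").Parse(tmpl)).Execute(&buf, values); err != nil {
		panic(err)
	}
	return buf.String()
}

// LeaksDefault is true when a literal key is rendered next to a secret reference.
func LeaksDefault(rendered string) bool {
	return strings.Contains(rendered, "\n  value: ") && strings.Contains(rendered, "\n  valueFrom:")
}

func main() { println(Render(fixedTmpl, mergedValues())) }
```

`LeaksDefault` is the same check a CI step could run over `helm template` output to catch a regression of this kind before a manifest is applied.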
