GeorgelPreput opened a new issue, #988:
URL: https://github.com/apache/apisix-helm-chart/issues/988
Currently `apisix.vault.token` is taken verbatim from `values.yaml` and
written in plaintext into the `apisix-<release>-config` ConfigMap:
```yaml
# templates/configmap.yaml
{{- if .Values.apisix.vault.enabled }}
vault:
host: {{ .Values.apisix.vault.host }}
timeout: {{ .Values.apisix.vault.timeout }}
token: {{ .Values.apisix.vault.token }} # plaintext token into ConfigMap
prefix: {{ .Values.apisix.vault.prefix }}
{{- end }}
```
There's no way to provide the Vault token via an existing Kubernetes Secret
— it must live in `values.yaml` (and therefore in the Helm release / Rancher
app config / git).
The chart already offers a `secretName` option for the admin API credentials
(`apisix.admin.credentials.secretName`). It would be helpful to have an
equivalent for the Vault token, e.g.:
```yaml
# values.yaml
vault:
enabled: false
host: ""
timeout: 10
token: ""
prefix: ""
secretName: "" # existing Secret containing the token
secretKey: "token" # key inside that Secret
```
When `secretName` is set, the chart would source the token from that Secret
rather than from the plaintext `token` field.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]