Skip to content

Commit

Permalink
fix: update dashboard, etc, ingresss versions, fix broken features af… (
Browse files Browse the repository at this point in the history
#752)

* fix: update dashboard, etc, ingresss versions, fix broken features after merge of v2

* chore: fix indentation for apisix dpeloyment annotations

* fix: disable default security context for embedded etcd

* chore: increase chart version to 2.8.0

* chore: fix new line absence in _helpers.tpl

---------

Co-authored-by: Katlinsky, Ilya <i.katlinsky@itransition.com>
  • Loading branch information
ikatlinsky and ikatlinski authored Jun 4, 2024
1 parent 693acfa commit 97c26c0
Show file tree
Hide file tree
Showing 12 changed files with 49 additions and 17 deletions.
10 changes: 5 additions & 5 deletions charts/apisix/Chart.lock
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
dependencies:
- name: etcd
repository: https://charts.bitnami.com/bitnami
version: 8.7.7
version: 9.7.3
- name: apisix-dashboard
repository: https://charts.apiseven.com
version: 0.8.1
version: 0.8.2
- name: apisix-ingress-controller
repository: https://charts.apiseven.com
version: 0.13.0
digest: sha256:6ca1fc0eb06fef4d4502a3153ed77c9cd5a382ebe65e676791afe4272ac7c796
generated: "2023-12-14T20:21:52.603033345+02:00"
version: 0.14.0
digest: sha256:8d727979670a2b62af7672c36ebb2a4d294bc967b16fb5d1e144ed77c948062d
generated: "2024-04-29T09:07:03.535941+02:00"
8 changes: 4 additions & 4 deletions charts/apisix/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 2.7.0
version: 2.8.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand All @@ -42,16 +42,16 @@ sources:

dependencies:
- name: etcd
version: 8.7.7
version: 9.7.3
repository: https://charts.bitnami.com/bitnami
condition: etcd.enabled
- name: apisix-dashboard
version: 0.8.1
version: 0.8.2
repository: https://charts.apiseven.com
condition: dashboard.enabled
alias: dashboard
- name: apisix-ingress-controller
version: 0.13.0
version: 0.14.0
repository: https://charts.apiseven.com
condition: ingress-controller.enabled
alias: ingress-controller
Expand Down
7 changes: 5 additions & 2 deletions charts/apisix/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,11 @@ The command removes all the Kubernetes components associated with the chart and
| affinity | object | `{}` | Set affinity for Apache APISIX deploy |
| apisix.admin.allow.ipList | list | `["127.0.0.1/24"]` | The client IP CIDR allowed to access Apache APISIX Admin API service. |
| apisix.admin.cors | bool | `true` | Admin API support CORS response headers |
| apisix.admin.credentials | object | `{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretName":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}` | Admin API credentials |
| apisix.admin.credentials | object | `{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretAdminKey":"","secretName":"","secretViewerKey":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}` | Admin API credentials |
| apisix.admin.credentials.admin | string | `"edd1c9f034335f136f87ad84b625c8f1"` | Apache APISIX admin API admin role credentials |
| apisix.admin.credentials.secretAdminKey | string | `""` | Name of the admin role key in the secret, overrides the default key name "admin" |
| apisix.admin.credentials.secretName | string | `""` | The APISIX Helm chart supports storing user credentials in a secret. The secret needs to contain two keys, admin and viewer, with their respective values set. |
| apisix.admin.credentials.secretViewerKey | string | `""` | Name of the viewer role key in the secret, overrides the default key name "viewer" |
| apisix.admin.credentials.viewer | string | `"4054f7cf07e344346cd3f287985e76a2"` | Apache APISIX admin API viewer role credentials |
| apisix.admin.enabled | bool | `true` | Enable Admin API |
| apisix.admin.externalIPs | list | `[]` | IPs for which nodes in the cluster will also accept traffic for the servic |
Expand Down Expand Up @@ -138,7 +140,7 @@ The command removes all the Kubernetes components associated with the chart and
| dashboard.config.conf.etcd.prefix | string | `"/apisix"` | apisix configurations prefix |
| dashboard.config.conf.etcd.username | string | `nil` | Specifies etcd basic auth username if enable etcd auth |
| dashboard.enabled | bool | `false` | |
| etcd | object | `{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"enabled":true,"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30}` | etcd configuration use the FQDN address or the IP of the etcd |
| etcd | object | `{"auth":{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}},"containerSecurityContext":{"enabled":false},"enabled":true,"prefix":"/apisix","replicaCount":3,"service":{"port":2379},"timeout":30}` | etcd configuration use the FQDN address or the IP of the etcd |
| etcd.auth | object | `{"rbac":{"create":false,"rootPassword":""},"tls":{"certFilename":"","certKeyFilename":"","enabled":false,"existingSecret":"","sni":"","verify":true}}` | if etcd.enabled is true, set more values of bitnami/etcd helm chart |
| etcd.auth.rbac.create | bool | `false` | No authentication by default. Switch to enable RBAC authentication |
| etcd.auth.rbac.rootPassword | string | `""` | root password for etcd. Requires etcd.auth.rbac.create to be true. |
Expand All @@ -148,6 +150,7 @@ The command removes all the Kubernetes components associated with the chart and
| etcd.auth.tls.existingSecret | string | `""` | name of the secret contains etcd client cert |
| etcd.auth.tls.sni | string | `""` | specify the TLS Server Name Indication extension, the ETCD endpoint hostname will be used when this setting is unset. |
| etcd.auth.tls.verify | bool | `true` | whether to verify the etcd endpoint certificate when setup a TLS connection to etcd |
| etcd.containerSecurityContext | object | `{"enabled":false}` | added for backward compatibility with old kubernetes versions, as seccompProfile is not supported in kubernetes < 1.19 |
| etcd.enabled | bool | `true` | install etcd(v3) by default, set false if do not want to install etcd(v3) together |
| etcd.prefix | string | `"/apisix"` | apisix configurations prefix |
| etcd.timeout | int | `30` | Set the timeout value in seconds for subsequent socket operations from apisix to etcd cluster |
Expand Down
Binary file removed charts/apisix/charts/apisix-dashboard-0.8.1.tgz
Binary file not shown.
Binary file added charts/apisix/charts/apisix-dashboard-0.8.2.tgz
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file removed charts/apisix/charts/etcd-8.7.7.tgz
Binary file not shown.
Binary file added charts/apisix/charts/etcd-9.7.3.tgz
Binary file not shown.
22 changes: 22 additions & 0 deletions charts/apisix/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -135,3 +135,25 @@ Return the password key name of etcd secret
{{- print .Values.externalEtcd.secretPasswordKey }}
{{- end }}
{{- end -}}

{{/*
Key to use to fetch admin token from secret
*/}}
{{- define "apisix.admin.credentials.secretAdminKey" -}}
{{- if .Values.admin.credentials.secretAdminKey }}
{{- .Values.admin.credentials.secretAdminKey }}
{{- else }}
{{- "admin" }}
{{- end }}
{{- end }}

{{/*
Key to use to fetch viewer token from secret
*/}}
{{- define "apisix.admin.credentials.secretViewerKey" -}}
{{- if .Values.admin.credentials.secretViewerKey }}
{{- .Values.admin.credentials.secretViewerKey }}
{{- else }}
{{- "viewer" }}
{{- end }}
{{- end }}
10 changes: 4 additions & 6 deletions charts/apisix/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,8 @@ spec:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if .Values.podAnnotations }}
{{- range $key, $value := $.Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.podAnnotations }}
{{ tpl (toYaml .) $ | nindent 8 }}
{{- end }}
labels:
{{- include "apisix.selectorLabels" . | nindent 8 }}
Expand Down Expand Up @@ -85,12 +83,12 @@ spec:
valueFrom:
secretKeyRef:
name: {{ .Values.apisix.admin.credentials.secretName }}
key: admin
key: {{ include "apisix.admin.credentials.secretAdminKey" . }}
- name: APISIX_VIEWER_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.apisix.admin.credentials.secretName }}
key: viewer
key: {{ include "apisix.admin.credentials.secretViewerKey" . }}
{{- end }}

{{- if or (and .Values.etcd.enabled .Values.etcd.auth.rbac.create) (and (not .Values.etcd.enabled) .Values.externalEtcd.user) }}
Expand Down
9 changes: 9 additions & 0 deletions charts/apisix/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -333,6 +333,10 @@ apisix:
# -- The APISIX Helm chart supports storing user credentials in a secret.
# The secret needs to contain two keys, admin and viewer, with their respective values set.
secretName: ""
# -- Name of the admin role key in the secret, overrides the default key name "admin"
secretAdminKey: ""
# -- Name of the viewer role key in the secret, overrides the default key name "viewer"
secretViewerKey: ""

allow:
# -- The client IP CIDR allowed to access Apache APISIX Admin API service.
Expand Down Expand Up @@ -566,6 +570,11 @@ etcd:
# -- specify the TLS Server Name Indication extension, the ETCD endpoint hostname will be used when this setting is unset.
sni: ""

# -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
# -- added for backward compatibility with old kubernetes versions, as seccompProfile is not supported in kubernetes < 1.19
containerSecurityContext:
enabled: false

service:
port: 2379

Expand Down

0 comments on commit 97c26c0

Please sign in to comment.