From cb5df905951bede532a1ef73a88a0a66c67e5044 Mon Sep 17 00:00:00 2001 From: Miguel Ruiz Date: Mon, 24 Feb 2025 14:52:49 +0100 Subject: [PATCH] [bitnami/apisix] Add support for `usePasswordFiles` (#32077) * [bitnami/apisix] Add support for `usePasswordFiles` Signed-off-by: Miguel Ruiz * Update CHANGELOG.md Signed-off-by: Bitnami Containers * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers * Fix typo Signed-off-by: Miguel Ruiz * Update CHANGELOG.md Signed-off-by: Bitnami Containers * Fix deployments Signed-off-by: Miguel Ruiz * Update CHANGELOG.md Signed-off-by: Bitnami Containers --------- Signed-off-by: Miguel Ruiz Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/apisix/CHANGELOG.md | 6 +- bitnami/apisix/Chart.yaml | 2 +- bitnami/apisix/README.md | 1 + bitnami/apisix/templates/_helpers.tpl | 61 +++++++++++++++++++ .../templates/control-plane/dep-ds.yaml | 11 ++++ .../templates/dashboard/deployment.yaml | 15 +++++ .../apisix/templates/data-plane/dep-ds.yaml | 13 ++++ .../ingress-controller/deployment.yaml | 13 ++++ bitnami/apisix/values.yaml | 5 +- 9 files changed, 124 insertions(+), 3 deletions(-) diff --git a/bitnami/apisix/CHANGELOG.md b/bitnami/apisix/CHANGELOG.md index cbf3901667..4328915b8e 100644 --- a/bitnami/apisix/CHANGELOG.md +++ b/bitnami/apisix/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog +## 4.2.0 (2025-02-24) + +* [bitnami/apisix] Add support for `usePasswordFiles` ([#32077](https://github.com/bitnami/charts/pull/32077)) + ## 4.1.0 (2025-02-20) -* [bitnami/apisix] feat: use new helper for checking API versions ([#32045](https://github.com/bitnami/charts/pull/32045)) +* [bitnami/apisix] feat: use new helper for checking API versions (#32045) ([c327f4b](https://github.com/bitnami/charts/commit/c327f4ba9cf6889d452e0f3fce495c10c6d1c106)), closes [#32045](https://github.com/bitnami/charts/issues/32045) ## 4.0.2 (2025-02-18) 
diff --git a/bitnami/apisix/Chart.yaml b/bitnami/apisix/Chart.yaml index ad4141d715..220d38bf81 100644 --- a/bitnami/apisix/Chart.yaml +++ b/bitnami/apisix/Chart.yaml @@ -45,4 +45,4 @@ sources: - https://github.com/bitnami/charts/tree/main/bitnami/apisix - https://github.com/bitnami/charts/tree/main/bitnami/apisix-dashboard - https://github.com/bitnami/charts/tree/main/bitnami/apisix-ingress-controller -version: 4.1.0 +version: 4.2.0 diff --git a/bitnami/apisix/README.md b/bitnami/apisix/README.md index e50179c143..9dc1f557f8 100644 --- a/bitnami/apisix/README.md +++ b/bitnami/apisix/README.md @@ -301,6 +301,7 @@ As an alternative, use one of the preset configurations for pod affinity, pod an | `commonAnnotations` | Annotations to add to all deployed objects | `{}` | | `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | | `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `usePasswordFiles` | Mount credentials as files instead of using environment variables | `true` | | `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | diff --git a/bitnami/apisix/templates/_helpers.tpl b/bitnami/apisix/templates/_helpers.tpl index c3c95f9f36..593d469242 100644 --- a/bitnami/apisix/templates/_helpers.tpl +++ b/bitnami/apisix/templates/_helpers.tpl 
@@ -336,6 +336,18 @@ Init container definition for waiting for the database to be ready ln -sf /opt/bitnami/apisix/deps /usr/local/apisix ln -sf /opt/bitnami/apisix/openresty/luajit/share/lua/*/apisix /usr/local/apisix mkdir -p /usr/local/apisix/logs + {{- if .context.Values.usePasswordFiles }} + {{- if .context.Values.controlPlane.enabled }} + export APISIX_ADMIN_API_TOKEN="$(< $APISIX_ADMIN_API_TOKEN_FILE)" + export APISIX_VIEWER_API_TOKEN="$(< $APISIX_VIEWER_API_TOKEN_FILE)" + {{- end }} + {{- if (include "apisix.etcd.authEnabled" .context) }} + export APISIX_ETCD_PASSWORD="$(< $APISIX_ETCD_PASSWORD_FILE)" + {{- end}} + {{- if eq .component "dashboard" }} + export APISIX_DASHBOARD_PASSWORD="$(< $APISIX_DASHBOARD_PASSWORD_FILE)" + {{- end }} + {{- end }} # Build final config.yaml with the sections of the different files cp /bitnami/apisix/rendered-conf/config.yaml /usr/local/apisix/conf/ chmod 644 /usr/local/apisix/conf/config.yaml @@ -352,6 +364,12 @@ Init container definition for waiting for the database to be ready - name: BITNAMI_DEBUG value: {{ ternary "true" "false" (or .context.Values.image.debug .context.Values.diagnosticMode.enabled) | quote }} {{- if .context.Values.controlPlane.enabled }} + {{- if .context.Values.usePasswordFiles }} + - name: APISIX_ADMIN_API_TOKEN_FILE + value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.control-plane.adminTokenKey" .context) }} + - name: APISIX_VIEWER_API_TOKEN_FILE + value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.control-plane.viewerTokenKey" .context) }} + {{- else }} - name: APISIX_ADMIN_API_TOKEN valueFrom: secretKeyRef: 
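Review bot: The added `export APISIX_ADMIN_API_TOKEN="$(< $APISIX_ADMIN_API_TOKEN_FILE)"` lines in the `@@ -336,6 +336,18 @@` hunk do not fail when a file is missing or unreadable. The substitution yields an empty string and `export` itself returns success, so the script would go on to build config.yaml with an empty token or password. Quoting the path and checking it first turns that into a hard failure, for example `[[ -r "$APISIX_ADMIN_API_TOKEN_FILE" ]] || exit 1` before the export and `"$(< "$APISIX_ADMIN_API_TOKEN_FILE")"` for the read. `export` also puts the values back into the environment of this script and its child processes, so file mode narrows the exposure rather than removing it; a short comment saying so would help. The same block is repeated in the `@@ -559,6 +587,18 @@` hunk, and the enclosing script starts and ends outside both hunks.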
@@ -363,15 +381,21 @@ Init container definition for waiting for the database to be ready name: {{ include "apisix.control-plane.secretName" .context }} key: {{ include "apisix.control-plane.viewerTokenKey" .context }} {{- end }} + {{- end }} {{- if (include "apisix.etcd.authEnabled" .context) }} - name: APISIX_ETCD_USER value: {{ include "apisix.etcd.user" .context }} + {{- if .context.Values.usePasswordFiles }} + - name: APISIX_ETCD_PASSWORD_FILE + value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.etcd.secretPasswordKey" .context) }} + {{- else }} - name: APISIX_ETCD_PASSWORD valueFrom: secretKeyRef: name: {{ include "apisix.etcd.secretName" .context }} key: {{ include "apisix.etcd.secretPasswordKey" .context }} {{- end }} + {{- end }} {{- if $block.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" $block.extraEnvVars "context" .context) | nindent 4 }} {{- end }} @@ -394,6 +418,10 @@ Init container definition for waiting for the database to be ready - name: empty-dir mountPath: /tmp subPath: tmp-dir + {{- if and .context.Values.usePasswordFiles (or (eq .component "dashboard") .context.Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .)) }} + - name: apisix-secrets + mountPath: /opt/bitnami/apisix/secrets + {{- end }} {{- if $block.tls.enabled }} - name: certs mountPath: /bitnami/certs 
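Review bot: In the volumeMounts condition added by the `@@ -394,6 +418,10 @@` hunk, `(include "apisix.etcd.authEnabled" .)` passes the helper's argument dict instead of the chart context, while every other new call in this file passes `.context`. If `or` short-circuits (it does in recent Go template versions), the include is only reached when the component is not the dashboard and `controlPlane.enabled` is false. In that case the helper presumably cannot resolve `.Values`, so rendering either fails or reports etcd auth as disabled, and the secrets directory is not mounted although `APISIX_ETCD_PASSWORD_FILE` still points into it. The call should read `(include "apisix.etcd.authEnabled" .context)`. The same expression appears in the `@@ -614,6 +671,10 @@` hunk.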
@@ -559,6 +587,18 @@ Render configuration for the dashboard and ingress-controller components - | #!/bin/bash # Build final config.yaml with the sections of the different files + {{- if .context.Values.usePasswordFiles }} + {{- if .context.Values.controlPlane.enabled }} + export APISIX_ADMIN_API_TOKEN="$(< $APISIX_ADMIN_API_TOKEN_FILE)" + export APISIX_VIEWER_API_TOKEN="$(< $APISIX_VIEWER_API_TOKEN_FILE)" + {{- end }} + {{- if (include "apisix.etcd.authEnabled" .context) }} + export APISIX_ETCD_PASSWORD="$(< $APISIX_ETCD_PASSWORD_FILE)" + {{- end}} + {{- if eq .component "dashboard" }} + export APISIX_DASHBOARD_PASSWORD="$(< $APISIX_DASHBOARD_PASSWORD_FILE)" + {{- end }} + {{- end }} find /bitnami/apisix/conf -type f -name *.yaml -print0 | sort -z | xargs -0 yq eval-all '. as $item ireduce ({}; . * $item )' > /bitnami/apisix/rendered-conf/pre-render-config.yaml render-template /bitnami/apisix/rendered-conf/pre-render-config.yaml > /bitnami/apisix/rendered-conf/config.yaml chmod 644 /bitnami/apisix/rendered-conf/config.yaml @@ -567,6 +607,12 @@ Render configuration for the dashboard and ingress-controller components - name: BITNAMI_DEBUG value: {{ ternary "true" "false" (or .context.Values.image.debug .context.Values.diagnosticMode.enabled) | quote }} {{- if .context.Values.controlPlane.enabled }} + {{- if .context.Values.usePasswordFiles }} + - name: APISIX_ADMIN_API_TOKEN_FILE + value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.control-plane.adminTokenKey" .context) }} + - name: APISIX_VIEWER_API_TOKEN_FILE + value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.control-plane.viewerTokenKey" .context) }} + {{- else }} - name: APISIX_ADMIN_API_TOKEN valueFrom: secretKeyRef: 
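Review bot: With `usePasswordFiles` enabled, the credentials exported in the `@@ -559,6 +587,18 @@` hunk are presumably still substituted by `render-template` into `/bitnami/apisix/rendered-conf/config.yaml`, which the unchanged next line sets to mode 644. They therefore end up in a world-readable file on the shared volume, even though the option is described as keeping them in mounted files. If only the APISIX user needs to read the rendered file, it is worth checking whether `chmod 640 /bitnami/apisix/rendered-conf/config.yaml` works with the pod's securityContext. Otherwise a comment such as `# rendered config contains the resolved credentials` above the chmod would record this. The script continues outside the hunk, so how the file is used later is not visible here.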
@@ -578,24 +624,35 @@ Render configuration for the dashboard and ingress-controller components name: {{ include "apisix.control-plane.secretName" .context }} key: {{ include "apisix.control-plane.viewerTokenKey" .context }} {{- end }} + {{- end }} {{- if (include "apisix.etcd.authEnabled" .context) }} - name: APISIX_ETCD_USER value: {{ include "apisix.etcd.user" .context }} + {{- if .context.Values.usePasswordFiles }} + - name: APISIX_ETCD_PASSWORD_FILE + value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.etcd.secretPasswordKey" .context) }} + {{- else }} - name: APISIX_ETCD_PASSWORD valueFrom: secretKeyRef: name: {{ include "apisix.etcd.secretName" .context }} key: {{ include "apisix.etcd.secretPasswordKey" .context }} {{- end }} + {{- end }} {{- if eq .component "dashboard" }} - name: APISIX_DASHBOARD_USER value: {{ $block.username | quote }} + {{- if .context.Values.usePasswordFiles }} + - name: APISIX_DASHBOARD_PASSWORD_FILE + value: {{ printf "/opt/bitnami/apisix/secrets/%s" (include "apisix.dashboard.secretPasswordKey" .context) }} + {{- else }} - name: APISIX_DASHBOARD_PASSWORD valueFrom: secretKeyRef: name: {{ include "apisix.dashboard.secretName" .context }} key: {{ include "apisix.dashboard.secretPasswordKey" .context }} {{- end }} + {{- end }} {{- if $block.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" $block.extraEnvVars "context" $) | nindent 4 }} {{- end }} @@ -614,6 +671,10 @@ Render configuration for the dashboard and ingress-controller components subPath: app-conf-dir - name: config mountPath: /bitnami/apisix/conf/00_default + {{- if and .context.Values.usePasswordFiles (or (eq .component "dashboard") .context.Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .)) }} + - name: apisix-secrets + mountPath: /opt/bitnami/apisix/secrets + {{- end }} {{- if or $block.extraConfig $block.extraConfigExistingConfigMap }} - name: extra-config mountPath: /bitnami/apisix/conf/01_extra 
diff --git a/bitnami/apisix/templates/control-plane/dep-ds.yaml b/bitnami/apisix/templates/control-plane/dep-ds.yaml index 3ef6c37c7b..b97a896e5a 100644 --- a/bitnami/apisix/templates/control-plane/dep-ds.yaml +++ b/bitnami/apisix/templates/control-plane/dep-ds.yaml @@ -192,6 +192,17 @@ spec: - name: config configMap: name: {{ include "apisix.control-plane.defaultConfigmapName" . }} + {{- if .Values.usePasswordFiles }} + - name: apisix-secrets + projected: + sources: + - secret: + name: {{ include "apisix.control-plane.secretName" . }} + {{- if (include "apisix.etcd.authEnabled" .) }} + - secret: + name: {{ include "apisix.etcd.secretName" . }} + {{- end }} + {{- end }} {{- if or .Values.controlPlane.extraConfig .Values.controlPlane.extraConfigExistingConfigMap }} - name: extra-config configMap: diff --git a/bitnami/apisix/templates/dashboard/deployment.yaml b/bitnami/apisix/templates/dashboard/deployment.yaml index 48ecbdf77f..efc49c7a69 100644 --- a/bitnami/apisix/templates/dashboard/deployment.yaml +++ b/bitnami/apisix/templates/dashboard/deployment.yaml @@ -181,6 +181,21 @@ spec: - name: config configMap: name: {{ include "apisix.dashboard.defaultConfigmapName" . }} + {{- if .Values.usePasswordFiles }} + - name: apisix-secrets + projected: + sources: + - secret: + name: {{ include "apisix.dashboard.secretName" . }} + {{- if (include "apisix.etcd.authEnabled" .) }} + - secret: + name: {{ include "apisix.etcd.secretName" . }} + {{- end }} + {{- if .Values.controlPlane.enabled }} + - secret: + name: {{ include "apisix.control-plane.secretName" . }} + {{- end }} + {{- end }} {{- if or .Values.dashboard.extraConfig .Values.dashboard.extraConfigExistingConfigMap }} - name: extra-config configMap: diff --git a/bitnami/apisix/templates/data-plane/dep-ds.yaml b/bitnami/apisix/templates/data-plane/dep-ds.yaml index 641d7415b4..bddf792238 100644 --- a/bitnami/apisix/templates/data-plane/dep-ds.yaml +++ b/bitnami/apisix/templates/data-plane/dep-ds.yaml 
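Review bot: The secrets projected into `apisix-secrets` share one flat directory, and the `*_FILE` paths are built from the key names alone (`/opt/bitnami/apisix/secrets/<key>`). If two sources use the same key, for example a dashboard and an etcd secret that both use a key named `password`, one file shadows the other and a component reads the wrong credential. As far as I know Kubernetes does not reject this when no `items` paths are given. It is worth documenting that the key names must be distinct, or giving each source its own sub-path through `items`. Separately, the volume sets no `defaultMode`, so the files get the default permissions; adding `defaultMode: 0400` under `projected:` would tighten that, provided the pod's fsGroup still lets the container user read them. Both points apply to the control-plane and dashboard hunks here and to the data-plane and ingress-controller volumes that follow.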
@@ -196,6 +196,19 @@ spec: {{- include "common.tplvalues.render" ( dict "value" .Values.dataPlane.sidecars "context" $) | nindent 8 }} {{- end }} volumes: + {{- if and .Values.usePasswordFiles (or .Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .)) }} + - name: apisix-secrets + projected: + sources: + {{- if (include "apisix.etcd.authEnabled" .) }} + - secret: + name: {{ include "apisix.etcd.secretName" . }} + {{- end }} + {{- if .Values.controlPlane.enabled }} + - secret: + name: {{ include "apisix.control-plane.secretName" . }} + {{- end }} + {{- end }} - name: config configMap: name: {{ include "apisix.data-plane.defaultConfigmapName" . }} diff --git a/bitnami/apisix/templates/ingress-controller/deployment.yaml b/bitnami/apisix/templates/ingress-controller/deployment.yaml index 462628d842..58a359dff7 100644 --- a/bitnami/apisix/templates/ingress-controller/deployment.yaml +++ b/bitnami/apisix/templates/ingress-controller/deployment.yaml @@ -187,6 +187,19 @@ spec: - name: config configMap: name: {{ include "apisix.ingress-controller.defaultConfigmapName" . }} + {{- if and .Values.usePasswordFiles (or .Values.controlPlane.enabled (include "apisix.etcd.authEnabled" .)) }} + - name: apisix-secrets + projected: + sources: + {{- if (include "apisix.etcd.authEnabled" .) }} + - secret: + name: {{ include "apisix.etcd.secretName" . }} + {{- end }} + {{- if .Values.controlPlane.enabled }} + - secret: + name: {{ include "apisix.control-plane.secretName" . }} + {{- end }} + {{- end }} {{- if or .Values.ingressController.extraConfig .Values.ingressController.extraConfigExistingConfigMap }} - name: extra-config configMap: diff --git a/bitnami/apisix/values.yaml b/bitnami/apisix/values.yaml index 3f0cfe1080..c95f95a657 100644 --- a/bitnami/apisix/values.yaml +++ b/bitnami/apisix/values.yaml 
@@ -65,6 +65,9 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] +## @param usePasswordFiles Mount credentials as files instead of using environment variables +## +usePasswordFiles: true ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -1845,7 +1848,7 @@ dashboard: - ai - cas-auth - multi-auth - + ## @param dashboard.extraConfig extra configuration settings for APISIX Dashboard ## extraConfig: {}