[stable/influxdb] Adds option to create default user to influxDB (#659)

* Adds option to create default user to influxDB Reasons for change: - When authentication is enabled, at least one admin user must be available Changes made: - Adds job.yaml template - This job creates a default user if job is enabled in values.yaml Testing done: - Deployed in cluster and verified the creation of a user in InfluxDB * Moves job password to secret * Bump chart version to 0.3.0

[stable/influxdb] Adds option to create default user to influxDB (#659)
1167bf42 · jose5918 · Sean Knox · 742fa298 · 1167bf42 · 1167bf42
Commit 1167bf42 authored Mar 16, 2017 by jose5918 Committed by Sean Knox Mar 16, 2017
5 changed files
--- a/stable/influxdb/Chart.yaml
+++ b/stable/influxdb/Chart.yaml
 name: influxdb
-version: 0.2.1
+version: 0.3.0
 description: Scalable datastore for metrics, events, and real-time analytics.
 keywords:
 - influxdb

--- a/stable/influxdb/README.md
+++ b/stable/influxdb/README.md
@@ -70,3 +70,13 @@ $ helm install --name my-release -f values.yaml stable/influxdb
 The [InfluxDB](https://hub.docker.com/_/influxdb/) image stores data in the `/var/lib/influxdb` directory in the container.

 The chart mounts a [Persistent Volume](kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning.
+
+## Starting with authentication
+
+In `values.yaml` change `.Values.config.http.auth_enabled` to `true`.
+
+Influxdb requires also a user to be set in order for authentication to be enforced. See more details [here](https://docs.influxdata.com/influxdb/v1.2/query_language/authentication_and_authorization/#set-up-authentication).
+
+To handle this setup on startup, a job can be enabled in `values.yaml` by setting `.Values.setDefaultUser.enabled` to `true`.
+
+Make sure to uncomment or configure the job settings after enabling it. If a password is not set, a random password will be generated.
--- a/stable/influxdb/templates/post-install-set-auth.yaml
+++ b/stable/influxdb/templates/post-install-set-auth.yaml
+{{- if .Values.setDefaultUser.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    app: {{ template "fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+  name: {{ template "fullname" . }}-set-auth
+  annotations:
+    "helm.sh/hook": post-install
+spec:
+  activeDeadlineSeconds: {{ default 300 .Values.setDefaultUser.activeDeadlineSeconds }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "fullname" . }}
+        release: "{{ .Release.Name }}"
+    spec:
+      containers:
+      - name: {{ template "fullname" . }}-set-auth
+        image: "{{ .Values.setDefaultUser.image }}"
+        env:
+          - name: INFLUXDB_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "fullname" . }}-auth
+                key: influxdb-user
+          - name: INFLUXDB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "fullname" . }}-auth
+                key: influxdb-password
+        args:
+          - "/bin/sh"
+          - "-c"
+          - |
+             curl -X POST http://{{ template "fullname" . }}:{{ .Values.config.http.bind_address }}/query \
+             --data-urlencode \
+             "q=CREATE USER \"${INFLUXDB_USER}\" WITH PASSWORD '${INFLUXDB_PASSWORD}' {{ .Values.setDefaultUser.user.privileges }}"
+      restartPolicy: {{ .Values.setDefaultUser.restartPolicy }}
+{{- end -}}
--- a/stable/influxdb/templates/secret.yaml
+++ b/stable/influxdb/templates/secret.yaml
+{{- if .Values.setDefaultUser.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+  name: {{ template "fullname" . }}-auth
+data:
+  {{- if .Values.setDefaultUser.user.password }}
+  influxdb-password:  {{ .Values.setDefaultUser.user.password | b64enc | quote }}
+  {{- else }}
+  influxdb-password: {{ randAscii 10 | b64enc | quote }}
+  {{- end }}
+  influxdb-user: {{ .Values.setDefaultUser.user.username | b64enc | quote }}
+{{- end -}}
--- a/stable/influxdb/values.yaml
+++ b/stable/influxdb/values.yaml
@@ -23,6 +23,40 @@ persistence:
  accessMode: ReadWriteOnce
  size: 8Gi

+## Create default user through Kubernetes job
+## Defaults indicated below
+##
+setDefaultUser:
+  enabled: false
+
+  ## Image of the container used for job
+  ## Default: appropriate/curl:latest
+  ##
+  # image: appropriate/curl:latest
+
+  ## Deadline for job so it does not retry forever.
+  ## Default: activeDeadline: 300
+  ##
+  # activeDeadline: 300
+
+  ## Restart policy for job
+  ## Default: OnFailure
+  # restartPolicy: OnFailure
+
+  # user:
+
+    ## The user name
+    ## Default: "admin"
+    # username: "admin"
+
+    ## User password
+    ## Default: (Randomly generated 10 characters of Ascii)
+    # password:
+
+    ## User privileges
+    ## Default: "WITH ALL PRIVILEGES"
+    # privileges: "WITH ALL PRIVILEGES"
+
 ## Configure resource requests and limits
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 resources: