feat: support authentication and shared internal secret

charts/influxdb-enterprise/templates/auth-job.yaml

+{{- if .Values.auth.secretName -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "influxdb-enterprise.fullname" . }}-set-auth
+  labels:
+    {{- include "influxdb-enterprise.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  activeDeadlineSeconds: 300
+  backoffLimit: 10
+  template:
+    metadata:
+      labels:
+        {{- include "influxdb-enterprise.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - name: {{ include "influxdb-enterprise.fullname" . }}-set-auth
+        image: curlimages/curl:7.70.0
+        env:
+        - name: INFLUXDB_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.auth.secretName }}
+              key: "username"
+        - name: INFLUXDB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.auth.secretName }}
+              key: "password"
+        command:
+          - curl
+        args:
+          - "-X"
+          - "POST"
+          - "http://{{ include "influxdb-enterprise.fullname" . }}-data:8086/query"
+          - "--data-urlencode"
+          - "q=CREATE USER \"${INFLUXDB_USER}\" WITH PASSWORD '${INFLUXDB_PASSWORD}' WITH ALL PRIVILEGES"
+      restartPolicy: OnFailure
+{{- end -}}

charts/influxdb-enterprise/templates/data-service.yaml

@@ -10,6 +10,9 @@ spec:
   clusterIP: None
   publishNotReadyAddresses: true
   ports:
+  - port: 8086
+    protocol: TCP
+    name: http
   - port: 8088
     protocol: TCP
     name: rpc

charts/influxdb-enterprise/templates/meta-statefulset.yaml

@@ -49,6 +49,12 @@ spec:
             {{- toYaml .Values.meta.securityContext | nindent 12 }}
           image: "{{ .Values.meta.image.repository | default "influxdb" }}:{{ .Values.meta.image.tag | default (printf "%s-%s" .Chart.AppVersion "meta") }}"
           imagePullPolicy: {{ .Values.meta.image.pullPolicy }}
+          env:
+            - name: INFLUXDB_META_INTERNAL_SHARED_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: shared-secret
+                  key: secret
           ports:
             - name: http
               containerPort: 8091

charts/influxdb-enterprise/values.yaml

@@ -15,6 +15,10 @@ license: {}
   #  name: license
   #  key: json
 
+# A secret with keys "username" and "password" is required
+auth: {}
+  #secretName: auth
+
 meta:
   replicas: 3
   image: {}
@@ -35,6 +39,14 @@ meta:
   # readOnlyRootFilesystem: true
   # runAsNonRoot: true
   # runAsUser: 1000
+  #
+  #
+  # This secret needs a key called "secret" and it should be a long random string
+  # Please see docs for shared-internal-secret:
+  # https://docs.influxdata.com/enterprise_influxdb/v1.8/administration/config-data-nodes/#meta-internal-shared-secret
+  shared-secret:
+    secretName: shared-secret
+  #
   ## Persist data to a persistent volume
   ##
   persistence: