Skip to content

I
influxdb
Commit 7d6d6747 authored by Angelo Fausti's avatar Angelo Fausti Committed by Kubernetes Prow Robot
Browse files
Options

[stable/influxdb] Set the default user from an existing secret (#19601)

* Set the default user from an existing secret Signed-off-by: 's avatarAngelo Fausti <afausti@lsst.org> * Address reviewer comments Signed-off-by: 's avatarAngelo Fausti <afausti@lsst.org>
parent ad270310
Hide whitespace changes
Inline Side-by-side
Showing with 34 additions and 3 deletions
stable/influxdb/Chart.yaml
View file @ 7d6d6747
apiVersion: v1
name: influxdb
version: 3.0.2
version: 3.1.0
appVersion: 1.7.6
description: Scalable datastore for metrics, events, and real-time analytics.
keywords:
......
stable/influxdb/README.md
View file @ 7d6d6747
......@@ -81,6 +81,8 @@ To handle this setup on startup, a job can be enabled in `values.yaml` by settin
Make sure to uncomment or configure the job settings after enabling it. If a password is not set, a random password will be generated.
Alternatively, if `.Values.setDefaultUser.user.existingSecret` is set the user and password are obtained from an existing Secret, the expected keys are `influxdb-user` and `influxdb-password`. Use this variable if you need to check in the `values.yaml` in a repository to avoid exposing your secrets.
## Upgrading
### From < 1.0.0 To >= 1.0.0
......
stable/influxdb/templates/NOTES.txt
View file @ 7d6d6747
......@@ -18,10 +18,25 @@ To tail the logs for the InfluxDB pod run the following:
To retrieve the default user name:
{{- if .Values.setDefaultUser.user.existingSecret }}
- echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- else }}
- echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- end }}
To retrieve the default user password:
{{- if .Values.setDefaultUser.user.existingSecret }}
- echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- else }}
- echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- end }}
\ No newline at end of file
{{- end }}
{{- end }}
stable/influxdb/templates/post-install-set-auth.yaml
View file @ 7d6d6747
......@@ -26,12 +26,20 @@ spec:
- name: INFLUXDB_USER
valueFrom:
secretKeyRef:
{{- if .Values.setDefaultUser.user.existingSecret }}
name: {{ .Values.setDefaultUser.user.existingSecret -}}
{{ else }}
name: {{ template "influxdb.fullname" . }}-auth
{{- end }}
key: influxdb-user
- name: INFLUXDB_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.setDefaultUser.user.existingSecret }}
name: {{ .Values.setDefaultUser.user.existingSecret -}}
{{ else }}
name: {{ template "influxdb.fullname" . }}-auth
{{- end }}
key: influxdb-password
args:
- "/bin/sh"
......
stable/influxdb/templates/secret.yaml
View file @ 7d6d6747
{{- if .Values.setDefaultUser.enabled -}}
{{- if not (.Values.setDefaultUser.user.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
......@@ -16,3 +17,4 @@ data:
{{- end }}
influxdb-user: {{ .Values.setDefaultUser.user.username | b64enc | quote }}
{{- end -}}
{{- end -}}
stable/influxdb/values.yaml
View file @ 7d6d6747
......@@ -87,6 +87,11 @@ setDefaultUser:
## Default: (Randomly generated 10 characters of AlphaNum)
# password:
## The user name and password are obtained from an existing secret. The expected
## keys are `influxdb-user` and `influxdb-password`.
## If set, the username and password values above are ignored.
# existingSecret: influxdb-auth
## User privileges
## Default: "WITH ALL PRIVILEGES"
privileges: "WITH ALL PRIVILEGES"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment