Skip to content

I
influxdb
You need to sign in or sign up before continuing.
Commit 7d6d6747 authored by Angelo Fausti's avatar Angelo Fausti Committed by Kubernetes Prow Robot
Browse files
Options

[stable/influxdb] Set the default user from an existing secret (#19601)

* Set the default user from an existing secret Signed-off-by: 's avatarAngelo Fausti <afausti@lsst.org> * Address reviewer comments Signed-off-by: 's avatarAngelo Fausti <afausti@lsst.org>
parent ad270310
Hide whitespace changes
Inline Side-by-side
Showing with 34 additions and 3 deletions
stable/influxdb/Chart.yaml
View file @ 7d6d6747
apiVersion: v1 apiVersion: v1
name: influxdb name: influxdb
version: 3.0.2 version: 3.1.0
appVersion: 1.7.6 appVersion: 1.7.6
description: Scalable datastore for metrics, events, and real-time analytics. description: Scalable datastore for metrics, events, and real-time analytics.
keywords: keywords:
......
stable/influxdb/README.md
View file @ 7d6d6747
...@@ -81,6 +81,8 @@ To handle this setup on startup, a job can be enabled in `values.yaml` by settin ...@@ -81,6 +81,8 @@ To handle this setup on startup, a job can be enabled in `values.yaml` by settin
Make sure to uncomment or configure the job settings after enabling it. If a password is not set, a random password will be generated. Make sure to uncomment or configure the job settings after enabling it. If a password is not set, a random password will be generated.
Alternatively, if `.Values.setDefaultUser.user.existingSecret` is set the user and password are obtained from an existing Secret, the expected keys are `influxdb-user` and `influxdb-password`. Use this variable if you need to check in the `values.yaml` in a repository to avoid exposing your secrets.
## Upgrading ## Upgrading
### From < 1.0.0 To >= 1.0.0 ### From < 1.0.0 To >= 1.0.0
......
stable/influxdb/templates/NOTES.txt
View file @ 7d6d6747
...@@ -18,10 +18,25 @@ To tail the logs for the InfluxDB pod run the following: ...@@ -18,10 +18,25 @@ To tail the logs for the InfluxDB pod run the following:
To retrieve the default user name: To retrieve the default user name:
{{- if .Values.setDefaultUser.user.existingSecret }}
- echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- else }}
- echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode) - echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- end }}
To retrieve the default user password: To retrieve the default user password:
{{- if .Values.setDefaultUser.user.existingSecret }}
- echo $(kubectl get secret {{ .Values.setDefaultUser.user.existingSecret }} -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- else }}
- echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode) - echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode)
{{- end }} {{- end }}
\ No newline at end of file {{- end }}
stable/influxdb/templates/post-install-set-auth.yaml
View file @ 7d6d6747
...@@ -26,12 +26,20 @@ spec: ...@@ -26,12 +26,20 @@ spec:
- name: INFLUXDB_USER - name: INFLUXDB_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.setDefaultUser.user.existingSecret }}
name: {{ .Values.setDefaultUser.user.existingSecret -}}
{{ else }}
name: {{ template "influxdb.fullname" . }}-auth name: {{ template "influxdb.fullname" . }}-auth
{{- end }}
key: influxdb-user key: influxdb-user
- name: INFLUXDB_PASSWORD - name: INFLUXDB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.setDefaultUser.user.existingSecret }}
name: {{ .Values.setDefaultUser.user.existingSecret -}}
{{ else }}
name: {{ template "influxdb.fullname" . }}-auth name: {{ template "influxdb.fullname" . }}-auth
{{- end }}
key: influxdb-password key: influxdb-password
args: args:
- "/bin/sh" - "/bin/sh"
......
stable/influxdb/templates/secret.yaml
View file @ 7d6d6747
{{- if .Values.setDefaultUser.enabled -}} {{- if .Values.setDefaultUser.enabled -}}
{{- if not (.Values.setDefaultUser.user.existingSecret) -}}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
...@@ -16,3 +17,4 @@ data: ...@@ -16,3 +17,4 @@ data:
{{- end }} {{- end }}
influxdb-user: {{ .Values.setDefaultUser.user.username | b64enc | quote }} influxdb-user: {{ .Values.setDefaultUser.user.username | b64enc | quote }}
{{- end -}} {{- end -}}
{{- end -}}
stable/influxdb/values.yaml
View file @ 7d6d6747
...@@ -87,6 +87,11 @@ setDefaultUser: ...@@ -87,6 +87,11 @@ setDefaultUser:
## Default: (Randomly generated 10 characters of AlphaNum) ## Default: (Randomly generated 10 characters of AlphaNum)
# password: # password:
## The user name and password are obtained from an existing secret. The expected
## keys are `influxdb-user` and `influxdb-password`.
## If set, the username and password values above are ignored.
# existingSecret: influxdb-auth
## User privileges ## User privileges
## Default: "WITH ALL PRIVILEGES" ## Default: "WITH ALL PRIVILEGES"
privileges: "WITH ALL PRIVILEGES" privileges: "WITH ALL PRIVILEGES"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment