Fully support docker influx image entrypoint

bdcc3d0d · Alex Williams · David McKay · 9e50ace5 · bdcc3d0d · bdcc3d0d
Commit bdcc3d0d authored Apr 04, 2021 by Alex Williams Committed by David McKay Apr 22, 2021
6 changed files
--- a/charts/influxdb2/README.md
+++ b/charts/influxdb2/README.md
@@ -52,7 +52,9 @@ Check out our [Slack channel](https://www.influxdata.com/slack) for support and 

 ## Fixed Auth Credentials

-If you need to use fixed token and/or password you can set the values `adminUser.password` and `adminUser.token` or you can use an existing secret, which would be a better approach.
+If you need to use fixed token and/or password you can set the values
+`adminUser.password` and `adminUser.token` or you can use an existing secret,
+which would be a better approach.

 Example Secret:

@@ -66,3 +68,33 @@ data:
  admin-password: ...
  admin-token: ...
 ```
+
+If you do not specify an existing secret, the admin-password and admin-token
+will be automatically generated. They will remain consistent even after
+`helm upgrade`.
+
+## Influx setup
+
+By default this chart uses the docker hub influxdb image which includes an
+entrypoint for automatically setting up InfluxDB. This operation is idempotent
+and will be skipped if a boltdb is found on startup.
+
+For more information see "Automated Setup" in the [docker image README](https://hub.docker.com/_/influxdb).
+
+For configuration options see `adminUser` in `values.yaml`.
+
+## Configuration
+
+Extra environment variables can be passed influxdb using `.Values.env`. For
+example:
+
+```yaml
+env:
+  - name: FOO
+    value: BAR
+  - name: BAZ
+    valueFrom:
+      secretKeyRef:
+        name: my-secret
+        key: my-key
+```
--- a/charts/influxdb2/templates/NOTES.txt
+++ b/charts/influxdb2/templates/NOTES.txt
@@ -2,8 +2,6 @@ InfluxDB 2 is deployed as a StatefulSet on your cluster.

 You can access it by using the service name: {{ template "influxdb.fullname" . }}

-{{- if .Values.adminUser.create }}
-
 To retrieve the password for the '{{ .Values.adminUser.user}}' user:

 {{- if .Values.adminUser.existingSecret }}
@@ -15,4 +13,3 @@ To retrieve the password for the '{{ .Values.adminUser.user}}' user:
  echo $(kubectl get secret {{ include "influxdb.fullname" . }}-auth -o "jsonpath={.data['admin-password']}" --namespace {{ .Release.Namespace }} | base64 --decode)

 {{- end }}
-{{- end }}
--- a/charts/influxdb2/templates/job-setup-admin.yaml
+++ b/charts/influxdb2/templates/job-setup-admin.yaml
-{{- if .Values.adminUser.create -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  labels:
-    {{- include "influxdb.labels" . | nindent 4 }}
-  name: {{ template "influxdb.fullname" . }}-create-admin-user
-  annotations:
-    "helm.sh/hook": post-install
-    "helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation"
-spec:
-  activeDeadlineSeconds: 90
-  template:
-    metadata:
-      labels:
-        {{- include "influxdb.labels" . | nindent 8 }}
-      annotations:
-        {{- toYaml .Values.podAnnotations | nindent 8 }}
-    spec:
-      containers:
-      - name: {{ template "influxdb.fullname" . }}-create-admin-user
-        image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
-        {{- if .Values.securityContext }}
-        securityContext:
-          {{ toYaml .Values.securityContext | nindent 12 }}
-        {{- end }}
-        env:
-          - name: INFLUXDB_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                {{- if .Values.adminUser.existingSecret }}
-                name: {{ .Values.adminUser.existingSecret -}}
-                {{ else }}
-                name: {{ template "influxdb.fullname" . }}-auth
-                {{- end }}
-                key: admin-password
-          - name: INFLUXDB_TOKEN
-            valueFrom:
-              secretKeyRef:
-                {{- if .Values.adminUser.existingSecret }}
-                name: {{ .Values.adminUser.existingSecret -}}
-                {{ else }}
-                name: {{ template "influxdb.fullname" . }}-auth
-                {{- end }}
-                key: admin-token
-        command:
-          - bash
-        args:
-          - -c
-          - |
-            influx setup -f \
-            --host http://{{ template "influxdb.fullname" . }}:{{ .Values.service.port }} \
-            -o {{ .Values.adminUser.organization }} \
-            -b {{ .Values.adminUser.bucket }} \
-            -u {{ .Values.adminUser.user }} \
-            -r {{ .Values.adminUser.retention_policy }} \
-            -p ${INFLUXDB_PASSWORD} \
-            -t ${INFLUXDB_TOKEN}
-      restartPolicy: OnFailure
-      {{- if .Values.securityContext.runAsGroup }}
-      securityContext:
-        fsGroup: {{ .Values.securityContext.runAsGroup }}
-      {{- end }}
-{{- end -}}
--- a/charts/influxdb2/templates/secret.yaml
+++ b/charts/influxdb2/templates/secret.yaml
@@ -4,15 +4,22 @@ kind: Secret
 metadata:
  labels:
    {{- include "influxdb.labels" . | nindent 4 }}
-  name: {{ template "influxdb.fullname" . }}-auth
+  {{- $name := printf "%s-auth" (include "influxdb.fullname" .) }}
+  name: {{ $name }}
 data:
-  {{- if .Values.adminUser.token }}
+  {{- $previous := lookup "v1" "Secret" .Release.Namespace $name }}
+
+  {{- if $previous }}
+  admin-token: {{ index $previous.data "admin-token" }}
+  {{- else if .Values.adminUser.token }}
  admin-token: {{ .Values.adminUser.token  | b64enc | quote }}
  {{- else }}
  admin-token: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}

-  {{- if .Values.adminUser.password }}
+  {{- if $previous }}
+  admin-password: {{ index $previous.data "admin-password" }}
+  {{- else if .Values.adminUser.password }}
  admin-password: {{ .Values.adminUser.password | b64enc | quote }}
  {{- else }}
  admin-password: {{ randAlphaNum 32 | b64enc | quote }}

--- a/charts/influxdb2/templates/statefulset.yaml
+++ b/charts/influxdb2/templates/statefulset.yaml
@@ -34,16 +34,60 @@ spec:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-            - influxd
-            - --engine-path
-            - {{ .Values.persistence.mountPath }}
-            - --bolt-path
-            - {{ .Values.persistence.mountPath }}/influxd.bolt
          ports:
            - name: {{ .Values.service.portName }}
              containerPort: 8086
              protocol: TCP
+          env:
+            # Automated setup will not run if an existing boltdb file is found at the configured path.
+            # This behavior allows for the InfluxDB container to reboot post-setup without encountering "DB is already set up" errors.
+            - name: DOCKER_INFLUXDB_INIT_MODE
+              value: setup
+            # The username to set for the system's initial super-user (Required).
+            - name: DOCKER_INFLUXDB_INIT_USERNAME
+              value: {{ .Values.adminUser.user }}
+            # The password to set for the system's inital super-user (Required).
+            - name: DOCKER_INFLUXDB_INIT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  {{- if .Values.adminUser.existingSecret }}
+                  name: {{ .Values.adminUser.existingSecret -}}
+                  {{ else }}
+                  name: {{ template "influxdb.fullname" . }}-auth
+                  {{- end }}
+                  key: admin-password
+            # The name to set for the system's initial organization (Required).
+            - name: DOCKER_INFLUXDB_INIT_ORG
+              value: {{ .Values.adminUser.organization }}
+            # The name to set for the system's initial bucket (Required).
+            - name: DOCKER_INFLUXDB_INIT_BUCKET
+              value: {{ .Values.adminUser.bucket }}
+            # The duration the system's initial bucket should retain data. If not set, the initial bucket will retain data forever.
+            - name: DOCKER_INFLUXDB_INIT_RETENTION
+              value: {{ .Values.adminUser.retention_policy }}
+            # The authentication token to associate with the system's initial super-user. If not set, a token will be auto-generated by the system.
+            - name: DOCKER_INFLUXDB_INIT_ADMIN_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  {{- if .Values.adminUser.existingSecret }}
+                  name: {{ .Values.adminUser.existingSecret -}}
+                  {{ else }}
+                  name: {{ template "influxdb.fullname" . }}-auth
+                  {{- end }}
+                  key: admin-token
+
+            # Path to the BoltDB database.
+            - name: INFLUXD_BOLT_PATH
+              value: {{ .Values.persistence.mountPath }}/influxd.bolt
+            # Path to persistent storage engine files where InfluxDB stores all Time-Structure Merge Tree (TSM) data on disk.
+            - name: INFLUXD_ENGINE_PATH
+              value: {{ .Values.persistence.mountPath }}
+
+            # Extra environment variables from .Values.env
+            {{- with .Values.env }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+
          {{- if .Values.securityContext }}
          securityContext:
            {{ toYaml .Values.securityContext | nindent 12 }}

--- a/charts/influxdb2/values.yaml
+++ b/charts/influxdb2/values.yaml
@@ -28,11 +28,22 @@ affinity: {}

 securityContext: {}

-## Create default user through Kubernetes job
+## Extra environment variables to configure influxdb
+## e.g.
+# env:
+#   - name: FOO
+#     value: BAR
+#   - name: BAZ
+#     valueFrom:
+#       secretKeyRef:
+#         name: my-secret
+#         key: my-key
+env: {}
+
+## Create default user through docker entrypoint
 ## Defaults indicated below
 ##
 adminUser:
-  create: true
  organization: "influxdata"
  bucket: "default"
  user: "admin"