diff --git a/charts/greptimedb-cluster/Chart.yaml b/charts/greptimedb-cluster/Chart.yaml index 8f6255b..116a651 100644 --- a/charts/greptimedb-cluster/Chart.yaml +++ b/charts/greptimedb-cluster/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: greptimedb-cluster description: A Helm chart for deploying GreptimeDB cluster in Kubernetes. type: application -version: 0.2.6 +version: 0.2.7 appVersion: 0.9.1 home: https://github.com/GreptimeTeam/greptimedb sources: diff --git a/charts/greptimedb-cluster/README.md b/charts/greptimedb-cluster/README.md index afc9952..98440fe 100644 --- a/charts/greptimedb-cluster/README.md +++ b/charts/greptimedb-cluster/README.md @@ -2,7 +2,7 @@ A Helm chart for deploying GreptimeDB cluster in Kubernetes. -![Version: 0.2.6](https://img.shields.io/badge/Version-0.2.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.1](https://img.shields.io/badge/AppVersion-0.9.1-informational?style=flat-square) +![Version: 0.2.7](https://img.shields.io/badge/Version-0.2.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.1](https://img.shields.io/badge/AppVersion-0.9.1-informational?style=flat-square) ## Source Code @@ -73,6 +73,11 @@ helm uninstall mycluster -n default | Key | Type | Default | Description | |-----|------|---------|-------------| +| auth | object | `{"enabled":false,"fileName":"passwd","mountPath":"/etc/greptimedb/auth","users":[{"password":"admin","username":"admin"}]}` | The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/clients/authentication#authentication). | +| auth.enabled | bool | `false` | Enable static auth | +| auth.fileName | string | `"passwd"` | The auth file name, the full path is `${mountPath}/${fileName}` | +| auth.mountPath | string | `"/etc/greptimedb/auth"` | The auth file path to store the auth info | +| auth.users | list | `[{"password":"admin","username":"admin"}]` | The users to be created in the auth file | | base.podTemplate | object | `{"affinity":{},"annotations":{},"labels":{},"main":{"args":[],"command":[],"env":[],"readinessProbe":{},"resources":{"limits":{},"requests":{}}},"nodeSelector":{},"serviceAccountName":"","tolerations":[]}` | The pod template for base | | base.podTemplate.affinity | object | `{}` | The pod affinity | | base.podTemplate.annotations | object | `{}` | The annotations to be created to the pod. | diff --git a/charts/greptimedb-cluster/templates/cluster.yaml b/charts/greptimedb-cluster/templates/cluster.yaml index 1368c6e..bc3434b 100644 --- a/charts/greptimedb-cluster/templates/cluster.yaml +++ b/charts/greptimedb-cluster/templates/cluster.yaml @@ -74,11 +74,25 @@ spec: {{- if .Values.frontend.podTemplate.main.args }} args: {{ .Values.frontend.podTemplate.main.args | toYaml | nindent 8 }} {{- end }} + {{- if or .Values.auth.enabled .Values.frontend.podTemplate.main.env }} + env: + {{- if .Values.auth.enabled }} + - name: GREPTIMEDB_FRONTEND__USER_PROVIDER + value: "static_user_provider:file:{{ .Values.auth.mountPath }}/{{ .Values.auth.fileName }}" + {{- end }} {{- if .Values.frontend.podTemplate.main.env }} - env: {{- toYaml .Values.frontend.podTemplate.main.env | nindent 8 }} + {{- toYaml .Values.frontend.podTemplate.main.env | nindent 8 }} + {{- end }} {{- end }} + {{- if or .Values.auth.enabled .Values.frontend.podTemplate.main.volumeMounts }} + volumeMounts: {{- if .Values.frontend.podTemplate.main.volumeMounts }} - volumeMounts: {{- toYaml .Values.frontend.podTemplate.main.volumeMounts | nindent 8 }} + {{- toYaml .Values.frontend.podTemplate.main.volumeMounts | nindent 8 }} + {{- end }} + {{- if .Values.auth.enabled }} + - name: auth + mountPath: {{ .Values.auth.mountPath }} + {{- end }} {{- end }} resources: requests: {{ .Values.frontend.podTemplate.main.resources.requests | toYaml | nindent 12 }} @@ -104,8 +118,16 @@ spec: {{- if .Values.frontend.podTemplate.nodeSelector }} nodeSelector: {{ .Values.frontend.podTemplate.nodeSelector | toYaml | nindent 8 }} {{- end }} - {{- if .Values.frontend.podTemplate.volumes}} - volumes: {{ .Values.frontend.podTemplate.volumes | toYaml | nindent 8 }} + {{- if or .Values.auth.enabled .Values.frontend.podTemplate.volumes }} + volumes: + {{- if .Values.frontend.podTemplate.volumes }} + {{- toYaml .Values.frontend.podTemplate.volumes | nindent 8 }} + {{- end }} + {{- if .Values.auth.enabled }} + - name: auth + secret: + secretName: {{ .Release.Name }}-users-auth + {{- end }} {{- end }} meta: replicas: {{ .Values.meta.replicas }} diff --git a/charts/greptimedb-cluster/templates/users-auth-secret.yaml b/charts/greptimedb-cluster/templates/users-auth-secret.yaml new file mode 100644 index 0000000..0bffa54 --- /dev/null +++ b/charts/greptimedb-cluster/templates/users-auth-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.auth.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-users-auth + namespace: {{ .Release.Namespace }} +type: Opaque +stringData: + {{ .Values.auth.fileName }}: | + {{- range .Values.auth.users }} + {{ printf "%s=%s" .username .password }} + {{- end }} +{{- end }} diff --git a/charts/greptimedb-cluster/values.yaml b/charts/greptimedb-cluster/values.yaml index 9e9119e..b095e2e 100644 --- a/charts/greptimedb-cluster/values.yaml +++ b/charts/greptimedb-cluster/values.yaml @@ -443,3 +443,16 @@ remoteWal: kafka: # -- The kafka broker endpoints brokerEndpoints: [] + +# -- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/clients/authentication#authentication). +auth: + # -- Enable static auth + enabled: false + # -- The auth file path to store the auth info + mountPath: "/etc/greptimedb/auth" + # -- The auth file name, the full path is `${mountPath}/${fileName}` + fileName: "passwd" + # -- The users to be created in the auth file + users: + - username: "admin" + password: "admin"