feat: add static auth configuration (#214)

Author: daviderli614

charts/greptimedb-standalone/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: greptimedb-standalone
 description: A Helm chart for deploying standalone greptimedb
 type: application
-version: 0.1.36
+version: 0.1.37
 appVersion: 0.11.0
 home: https://github.com/GreptimeTeam/greptimedb
 sources:

charts/greptimedb-standalone/README.md

@@ -2,7 +2,7 @@
 
 A Helm chart for deploying standalone greptimedb
 
-![Version: 0.1.36](https://img.shields.io/badge/Version-0.1.36-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square)
+![Version: 0.1.37](https://img.shields.io/badge/Version-0.1.37-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square)
 
 ## Source Code
 - https://github.com/GreptimeTeam/greptimedb
@@ -53,6 +53,11 @@ helm uninstall greptimedb-standalone -n default
 | affinity | object | `{}` | Affinity configuration for pod |
 | annotations | object | `{}` | The annotations |
 | args | list | `[]` | The container args |
+| auth | object | `{"enabled":false,"fileName":"passwd","mountPath":"/etc/greptimedb/auth","users":[{"password":"admin","username":"admin"}]}` | The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/deployments/authentication/static). |
+| auth.enabled | bool | `false` | Enable static auth |
+| auth.fileName | string | `"passwd"` | The auth file name, the full path is `${mountPath}/${fileName}` |
+| auth.mountPath | string | `"/etc/greptimedb/auth"` | The auth file path to store the auth info |
+| auth.users | list | `[{"password":"admin","username":"admin"}]` | The users to be created in the auth file |
 | command | list | `[]` | The container command |
 | configToml | string | `"mode = 'standalone'\n"` | The extra configuration for greptimedb |
 | dataHome | string | `"/data/greptimedb/"` | Storage root directory |

charts/greptimedb-standalone/templates/statefulset.yaml

@@ -64,7 +64,7 @@ spec:
           args:
             {{- if .Values.configToml }}
             - "--config-file"
-            - "/etc/greptimedb/config.toml"
+            - "/etc/greptimedb/config/config.toml"
             {{- end }}
             {{- if .Values.dataHome }}
             - "--data-home"
@@ -86,12 +86,16 @@ spec:
             - containerPort: {{ .Values.postgresServicePort }}
               name: postgres
               protocol: TCP
-          {{- if .Values.env }}
+          {{- if or .Values.env .Values.auth.enabled }}
           env:
             {{- range $key, $val := .Values.env }}
             - name: {{ $key }}
               value: {{ $val | quote }}
             {{- end }}
+            {{- if .Values.auth.enabled }}
+            - name: GREPTIMEDB_STANDALONE__USER_PROVIDER
+              value: "static_user_provider:file:{{ .Values.auth.mountPath }}/{{ .Values.auth.fileName }}"
+            {{- end }}
           {{- end }}
           {{- if .Values.objectStorage }}
           {{- if .Values.objectStorage.credentials }}
@@ -113,7 +117,12 @@ spec:
               mountPath: {{ .Values.persistence.mountPath }}
             {{- if .Values.configToml }}
             - name: config
-              mountPath: /etc/greptimedb
+              mountPath: /etc/greptimedb/config
+              readOnly: true
+            {{- end }}
+            {{- if .Values.auth.enabled }}
+            - name: auth
+              mountPath: {{ .Values.auth.mountPath }}
               readOnly: true
             {{- end }}
             {{- with .Values.extraVolumeMounts }}
@@ -123,17 +132,20 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      {{- if or .Values.configToml .Values.extraVolumes }}
       volumes:
         {{- if .Values.configToml }}
         - name: config
           configMap:
             name: {{ include "greptimedb-standalone.fullname" . }}-config
         {{- end }}
+        {{- if .Values.auth.enabled }}
+        - name: auth
+          secret:
+            secretName: {{ include "greptimedb-standalone.fullname" . }}-users-auth
+        {{- end }}
         {{- with .Values.extraVolumes }}
             {{- toYaml . | nindent 8 }}
         {{- end }}
-      {{- end }}
       {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

charts/greptimedb-standalone/templates/users-auth-secret.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.auth.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "greptimedb-standalone.fullname" . }}-users-auth
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+  {{ .Values.auth.fileName }}: |
+    {{- range .Values.auth.users }}
+    {{ printf "%s=%s" .username .password }}
+    {{- end }}
+{{- end }}

charts/greptimedb-standalone/values.yaml

@@ -239,3 +239,16 @@ service:
   type: ClusterIP
   # -- Annotations for service
   annotations: {}
+
+# -- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/deployments/authentication/static).
+auth:
+  # -- Enable static auth
+  enabled: false
+  # -- The auth file path to store the auth info
+  mountPath: "/etc/greptimedb/auth"
+  # -- The auth file name, the full path is `${mountPath}/${fileName}`
+  fileName: "passwd"
+  # -- The users to be created in the auth file
+  users:
+    - username: "admin"
+      password: "admin"