feat(dashboard): Allow dashboards to use external etcd with mtls (#494)
* feat(dashboard): Allow dashboards to use external etcd with mtls
* chore: Update docs with helm-docs
* chore: Rename existingSecret to mtlsExistingSecret
diff --git a/charts/apisix-dashboard/README.md b/charts/apisix-dashboard/README.md
index a894231..8a4c43d 100644
--- a/charts/apisix-dashboard/README.md
+++ b/charts/apisix-dashboard/README.md
@@ -63,6 +63,8 @@
| config.authentication.secret | string | `"secret"` | Secret for jwt token generation |
| config.authentication.users | list | `[{"password":"admin","username":"admin"}]` | Specifies username and password for login manager api. |
| config.conf.etcd.endpoints | list | `["apisix-etcd:2379"]` | Supports defining multiple etcd host addresses for an etcd cluster |
+| config.conf.etcd.mtls | object | `{}` | |
+| config.conf.etcd.mtlsExistingSecret | string | `""` | Specifies a secret to be mounted on /etc/etcd for mtls usage |
| config.conf.etcd.password | string | `nil` | Specifies etcd basic auth password if enable etcd auth |
| config.conf.etcd.prefix | string | `"/apisix"` | apisix configurations prefix |
| config.conf.etcd.username | string | `nil` | Specifies etcd basic auth username if enable etcd auth |
diff --git a/charts/apisix-dashboard/templates/configmap.yaml b/charts/apisix-dashboard/templates/configmap.yaml
index e869fbb..82d6e8f 100644
--- a/charts/apisix-dashboard/templates/configmap.yaml
+++ b/charts/apisix-dashboard/templates/configmap.yaml
@@ -41,6 +41,10 @@
{{- if .password }}
password: {{ .password }}
{{- end }}
+ {{- if .mtls }}
+ mtls:
+ {{- toYaml .mtls | nindent 10 }}
+ {{- end }}
{{- end }}
{{- with .log }}
log:
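Review bot: The `mtls:` block is rendered whenever `.mtls` is non-empty, independently of `mtlsExistingSecret`. A values file that sets `key_file`/`cert_file`/`ca_file` without the secret therefore produces a config pointing at files that nothing in this commit mounts. If the chart has no other way to supply those files (none is visible here), a render-time guard would surface the mistake before the dashboard starts, for example `{{- if and .mtls (not .mtlsExistingSecret) }}{{ fail "config.conf.etcd.mtls requires config.conf.etcd.mtlsExistingSecret" }}{{- end }}`. That guard assumes the current scope is the etcd mapping, as the neighbouring `.password` suggests; the enclosing block opens outside the hunk.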
diff --git a/charts/apisix-dashboard/templates/deployment.yaml b/charts/apisix-dashboard/templates/deployment.yaml
index e83a065..2866549 100644
--- a/charts/apisix-dashboard/templates/deployment.yaml
+++ b/charts/apisix-dashboard/templates/deployment.yaml
@@ -77,10 +77,19 @@
- mountPath: /usr/local/apisix-dashboard/conf/conf.yaml
name: apisix-dashboard-config
subPath: conf.yaml
+ {{- if .Values.config.conf.etcd.mtlsExistingSecret }}
+ - mountPath: /etc/etcd
+ name: etcd-config
+ {{- end}}
volumes:
- configMap:
name: {{ include "apisix-dashboard.fullname" . }}
name: apisix-dashboard-config
+ {{- if .Values.config.conf.etcd.mtlsExistingSecret }}
+ - secret:
+ secretName: {{ .Values.config.conf.etcd.mtlsExistingSecret }}
+ name: etcd-config
+ {{- end}}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
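Review bot: The `etcd-config` secret volume added under `volumes:` holds the etcd client private key but sets no file mode, and `secretName` is templated unquoted. Kubernetes projects secret files as 0644 by default, so any process in the container can read the key. Consider `defaultMode: 0440` on the `secret:` source, checked against the pod's runAsUser/fsGroup (not visible in this hunk), and `readOnly: true` on the `/etc/etcd` mount. Writing `secretName: {{ .Values.config.conf.etcd.mtlsExistingSecret | quote }}` keeps a numeric- or boolean-looking name from being retyped by the YAML parser. The `volumeMounts` and `volumes` lists begin outside the hunk.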
diff --git a/charts/apisix-dashboard/values.yaml b/charts/apisix-dashboard/values.yaml
index 58a58c0..89bc9eb 100644
--- a/charts/apisix-dashboard/values.yaml
+++ b/charts/apisix-dashboard/values.yaml
@@ -89,6 +89,16 @@
username: ~
# -- Specifies etcd basic auth password if enable etcd auth
password: ~
+
+ # -- Specifies a secret to be mounted on /etc/etcd for mtls usage
+ mtlsExistingSecret: ""
+
+ # MTLS configuration used for external etcd instances
+ mtls:
+ {}
+ # key_file: /etc/etcd/server-client.key
+ # cert_file: /etc/etcd/server-client.crt
+ # ca_file: /etc/etcd/server-ca.crt
log:
# -- Error log level.
# Supports levels, lower to higher: debug, info, warn, error, panic, fatal
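Review bot: The new `mtls:` key is introduced with a plain `#` comment rather than the `# --` marker the neighbouring keys use, which is presumably why its README row in this commit has an empty description. Suggest `# -- mTLS client settings (key_file, cert_file, ca_file) for an external etcd; paths must point at files in the secret named by mtlsExistingSecret, mounted at /etc/etcd`. It would also help to state next to `mtlsExistingSecret` that the Secret's data keys must match the file names used in `mtls`, and that the Secret must exist in the release namespace. Writing the default as `mtls: {}` on one line would match the usual style for empty maps.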