feat: allow to override admin and viewer token keys in secret for adm… (#551)
Co-authored-by: Katlinsky, Ilya <i.katlinsky@itransition.com>
diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index b47e500..eb9c68c 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -42,9 +42,11 @@
|-----|------|---------|-------------|
| admin.allow.ipList | list | `["127.0.0.1/24"]` | The client IP CIDR allowed to access Apache APISIX Admin API service. |
| admin.cors | bool | `true` | Admin API support CORS response headers |
-| admin.credentials | object | `{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretName":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}` | Admin API credentials |
+| admin.credentials | object | `{"admin":"edd1c9f034335f136f87ad84b625c8f1","secretAdminKey":"","secretName":"","secretViewerKey":"","viewer":"4054f7cf07e344346cd3f287985e76a2"}` | Admin API credentials |
| admin.credentials.admin | string | `"edd1c9f034335f136f87ad84b625c8f1"` | Apache APISIX admin API admin role credentials |
+| admin.credentials.secretAdminKey | string | `""` | Name of the admin role key in the secret, overrides the default key name "admin" |
| admin.credentials.secretName | string | `""` | The APISIX Helm chart supports storing user credentials in a secret. The secret needs to contain two keys, admin and viewer, with their respective values set. |
+| admin.credentials.secretViewerKey | string | `""` | Name of the viewer role key in the secret, overrides the default key name "viewer" |
| admin.credentials.viewer | string | `"4054f7cf07e344346cd3f287985e76a2"` | Apache APISIX admin API viewer role credentials |
| admin.enabled | bool | `true` | Enable Admin API |
| admin.externalIPs | list | `[]` | IPs for which nodes in the cluster will also accept traffic for the servic |
diff --git a/charts/apisix/templates/_helpers.tpl b/charts/apisix/templates/_helpers.tpl
index 2198734..41a98b1 100644
--- a/charts/apisix/templates/_helpers.tpl
+++ b/charts/apisix/templates/_helpers.tpl
@@ -111,3 +111,25 @@
{{- "http" }}
{{- end }}
{{- end }}
+
+{{/*
+Key to use to fetch admin token from secret
+*/}}
+{{- define "apisix.admin.credentials.secretAdminKey" -}}
+{{- if .Values.admin.credentials.secretAdminKey }}
+{{- .Values.admin.credentials.secretAdminKey }}
+{{- else }}
+{{- "admin" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Key to use to fetch viewer token from secret
+*/}}
+{{- define "apisix.admin.credentials.secretViewerKey" -}}
+{{- if .Values.admin.credentials.secretViewerKey }}
+{{- .Values.admin.credentials.secretViewerKey }}
+{{- else }}
+{{- "viewer" }}
+{{- end }}
+{{- end }}
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
index 50f2732..d2860a9 100644
--- a/charts/apisix/templates/_pod.tpl
+++ b/charts/apisix/templates/_pod.tpl
@@ -45,13 +45,13 @@
- name: APISIX_ADMIN_KEY
valueFrom:
secretKeyRef:
- name: {{ .Values.admin.credentials.secretName }}
- key: admin
+ name: {{ .Values.admin.credentials.secretName | quote }}
+ key: {{ include "apisix.admin.credentials.secretAdminKey" . }}
- name: APISIX_VIEWER_KEY
valueFrom:
secretKeyRef:
- name: {{ .Values.admin.credentials.secretName }}
- key: viewer
+ name: {{ .Values.admin.credentials.secretName | quote }}
+ key: {{ include "apisix.admin.credentials.secretViewerKey" . }}
{{- end }}
ports:
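Review bot: The two `key:` values under `secretKeyRef` are rendered unquoted, while the `name:` lines beside them now pass through `quote`. A user-supplied key name that YAML types as something other than a string (for example `on`, `yes` or an all-digit name) would render as a boolean or integer, so the manifest would be rejected or the key lookup would not match. I would write `key: {{ include "apisix.admin.credentials.secretAdminKey" . | quote }}` for APISIX_ADMIN_KEY and do the same with `secretViewerKey` for APISIX_VIEWER_KEY. The `if` closed by the trailing `{{- end }}` starts outside this hunk.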
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 7f5de42..805d52f 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -311,6 +311,10 @@
# -- The APISIX Helm chart supports storing user credentials in a secret.
# The secret needs to contain two keys, admin and viewer, with their respective values set.
secretName: ""
+ # -- Name of the admin role key in the secret, overrides the default key name "admin"
+ secretAdminKey: ""
+ # -- Name of the viewer role key in the secret, overrides the default key name "viewer"
+ secretViewerKey: ""
allow:
# -- The client IP CIDR allowed to access Apache APISIX Admin API service.
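Review bot: The comment on `secretName` directly above the added lines still says the secret must contain two keys named admin and viewer, which is no longer true once `secretAdminKey` or `secretViewerKey` is set. Suggest rewording its second line to `# The secret needs to contain the admin and viewer tokens, by default under the keys "admin" and "viewer" (see secretAdminKey / secretViewerKey).` The README row for `admin.credentials.secretName` carries the same sentence and presumably needs regenerating from this file.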