From 73210f7f9e30c0868a0d396550123987147d45ea Mon Sep 17 00:00:00 2001 From: liyang Date: Thu, 12 Dec 2024 16:20:02 +0800 Subject: [PATCH] feat: add static auth configuration --- charts/greptimedb-standalone/Chart.yaml | 2 +- charts/greptimedb-standalone/README.md | 7 +++++- .../templates/statefulset.yaml | 22 ++++++++++++++----- .../templates/users-auth-secret.yaml | 13 +++++++++++ charts/greptimedb-standalone/values.yaml | 13 +++++++++++ 5 files changed, 50 insertions(+), 7 deletions(-) create mode 100644 charts/greptimedb-standalone/templates/users-auth-secret.yaml diff --git a/charts/greptimedb-standalone/Chart.yaml b/charts/greptimedb-standalone/Chart.yaml index 4d616e3..76f512b 100644 --- a/charts/greptimedb-standalone/Chart.yaml +++ b/charts/greptimedb-standalone/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: greptimedb-standalone description: A Helm chart for deploying standalone greptimedb type: application -version: 0.1.36 +version: 0.1.37 appVersion: 0.11.0 home: https://github.com/GreptimeTeam/greptimedb sources: diff --git a/charts/greptimedb-standalone/README.md b/charts/greptimedb-standalone/README.md index 9baf913..1ed4958 100644 --- a/charts/greptimedb-standalone/README.md +++ b/charts/greptimedb-standalone/README.md @@ -2,7 +2,7 @@ A Helm chart for deploying standalone greptimedb -![Version: 0.1.36](https://img.shields.io/badge/Version-0.1.36-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square) +![Version: 0.1.37](https://img.shields.io/badge/Version-0.1.37-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square) ## Source Code - https://github.com/GreptimeTeam/greptimedb @@ -53,6 +53,11 @@ helm uninstall greptimedb-standalone -n default | affinity | object | `{}` | Affinity configuration for pod | | annotations | object | `{}` | The annotations | | args | list | `[]` | The container args | +| auth | object | `{"enabled":false,"fileName":"passwd","mountPath":"/etc/greptimedb/auth","users":[{"password":"admin","username":"admin"}]}` | The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/deployments/authentication/static). | +| auth.enabled | bool | `false` | Enable static auth | +| auth.fileName | string | `"passwd"` | The auth file name, the full path is `${mountPath}/${fileName}` | +| auth.mountPath | string | `"/etc/greptimedb/auth"` | The auth file path to store the auth info | +| auth.users | list | `[{"password":"admin","username":"admin"}]` | The users to be created in the auth file | | command | list | `[]` | The container command | | configToml | string | `"mode = 'standalone'\n"` | The extra configuration for greptimedb | | dataHome | string | `"/data/greptimedb/"` | Storage root directory | diff --git a/charts/greptimedb-standalone/templates/statefulset.yaml b/charts/greptimedb-standalone/templates/statefulset.yaml index 3118262..0d553e2 100644 --- a/charts/greptimedb-standalone/templates/statefulset.yaml +++ b/charts/greptimedb-standalone/templates/statefulset.yaml @@ -64,7 +64,7 @@ spec: args: {{- if .Values.configToml }} - "--config-file" - - "/etc/greptimedb/config.toml" + - "/etc/greptimedb/config/config.toml" {{- end }} {{- if .Values.dataHome }} - "--data-home" @@ -86,12 +86,16 @@ spec: - containerPort: {{ .Values.postgresServicePort }} name: postgres protocol: TCP - {{- if .Values.env }} + {{- if or .Values.env .Values.auth.enabled }} env: {{- range $key, $val := .Values.env }} - name: {{ $key }} value: {{ $val | quote }} {{- end }} + {{- if .Values.auth.enabled }} + - name: GREPTIMEDB_STANDALONE__USER_PROVIDER + value: "static_user_provider:file:{{ .Values.auth.mountPath }}/{{ .Values.auth.fileName }}" + {{- end }} {{- end }} {{- if .Values.objectStorage }} {{- if .Values.objectStorage.credentials }} @@ -113,7 +117,12 @@ spec: mountPath: {{ .Values.persistence.mountPath }} {{- if .Values.configToml }} - name: config - mountPath: /etc/greptimedb + mountPath: /etc/greptimedb/config + readOnly: true + {{- end }} + {{- if .Values.auth.enabled }} + - name: auth + mountPath: {{ .Values.auth.mountPath }} readOnly: true {{- end }} {{- with .Values.extraVolumeMounts }} @@ -123,17 +132,20 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- if or .Values.configToml .Values.extraVolumes }} volumes: {{- if .Values.configToml }} - name: config configMap: name: {{ include "greptimedb-standalone.fullname" . }}-config {{- end }} + {{- if .Values.auth.enabled }} + - name: auth + secret: + secretName: {{ include "greptimedb-standalone.fullname" . }}-users-auth + {{- end }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} - {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} diff --git a/charts/greptimedb-standalone/templates/users-auth-secret.yaml b/charts/greptimedb-standalone/templates/users-auth-secret.yaml new file mode 100644 index 0000000..354d474 --- /dev/null +++ b/charts/greptimedb-standalone/templates/users-auth-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.auth.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "greptimedb-standalone.fullname" . }}-users-auth + namespace: {{ .Release.Namespace }} +type: Opaque +stringData: + {{ .Values.auth.fileName }}: | + {{- range .Values.auth.users }} + {{ printf "%s=%s" .username .password }} + {{- end }} +{{- end }} diff --git a/charts/greptimedb-standalone/values.yaml b/charts/greptimedb-standalone/values.yaml index 6435f29..345166d 100644 --- a/charts/greptimedb-standalone/values.yaml +++ b/charts/greptimedb-standalone/values.yaml @@ -239,3 +239,16 @@ service: type: ClusterIP # -- Annotations for service annotations: {} + +# -- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/deployments/authentication/static). +auth: + # -- Enable static auth + enabled: false + # -- The auth file path to store the auth info + mountPath: "/etc/greptimedb/auth" + # -- The auth file name, the full path is `${mountPath}/${fileName}` + fileName: "passwd" + # -- The users to be created in the auth file + users: + - username: "admin" + password: "admin"