
Allow user to define access and secret key via values (#8389)

* Allow user to define admin access and secret key via values

* Add comments to values.yaml

* Add support for read for consistency

* Simplify templating

* Add checksum to s3 config

* Update comments

* Revert "Add checksum to s3 config"

This reverts commit d21a7038a8.
pull/8375/merge
Richard Chen Zheng 17 hours ago
committed by GitHub
parent
commit
964a8f5fde
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 21
      k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
  2. 18
      k8s/charts/seaweedfs/values.yaml

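--- a/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
@@ -10,10 +10,21 @@
 {{- if and .Values.s3.reuseLegacySecret $existingSecret }}
 {{- $reuse = true }}
 {{- end }}
-{{- $access_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
-{{- $secret_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
-{{- $access_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
-{{- $secret_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- $creds := .Values.s3.credentials | default dict -}}
+{{- $adminCreds := $creds.admin | default dict -}}
+{{- $access_key_admin := $adminCreds.accessKey -}}
+{{- $secret_key_admin := $adminCreds.secretKey -}}
+{{- if not (and $access_key_admin $secret_key_admin) -}}
+{{- $access_key_admin = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- $secret_key_admin = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- end -}}
+{{- $readCreds := $creds.read | default dict -}}
+{{- $access_key_read := $readCreds.accessKey -}}
+{{- $secret_key_read := $readCreds.secretKey -}}
+{{- if not (and $access_key_read $secret_key_read) -}}
+{{- $access_key_read = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- $secret_key_read = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- end -}}
 apiVersion: v1
 kind: Secret
 type: Opaque
@@ -43,4 +54,4 @@ stringData:
 s3_auditLogConfig.json: |
 {{ toJson .Values.s3.auditLogConfig | nindent 4 }}
 {{- end }}
-{{- end }}
+{{- end }}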
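Review bot: The fallback test `if not (and $access_key_admin $secret_key_admin)` silently discards a half-configured pair: when only `accessKey` or only `secretKey` is set under `s3.credentials.admin` (and likewise for `read`), both values are replaced by the generated or reused ones and the operator gets no signal that the supplied credential was ignored. Failing the render in that case is safer than deploying with credentials the operator did not expect. The supplied values are also accepted as they are, with no minimum length, whereas the generated ones are 20 and 40 characters long; that difference deserves at least a comment. The template starts before and continues after this hunk, so how the keys are written into the Secret is not visible here.

```yaml
{{- $adminCreds := $creds.admin | default dict -}}
{{- if and (or $adminCreds.accessKey $adminCreds.secretKey) (not (and $adminCreds.accessKey $adminCreds.secretKey)) -}}
{{- fail "s3.credentials.admin: accessKey and secretKey must be set together" -}}
{{- end -}}
{{- /* … unchanged: admin key assignment and getOrGeneratePassword fallback … */ -}}
{{- $readCreds := $creds.read | default dict -}}
{{- if and (or $readCreds.accessKey $readCreds.secretKey) (not (and $readCreds.accessKey $readCreds.secretKey)) -}}
{{- fail "s3.credentials.read: accessKey and secretKey must be set together" -}}
{{- end -}}
{{- /* … unchanged: read key assignment and getOrGeneratePassword fallback … */ -}}
```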

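--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@@ -890,6 +890,10 @@ filer:
 # set to the name of an existing kubernetes Secret with the s3 json config file
 # should have a secret key called seaweedfs_s3_config with an inline json configure
 existingConfigSecret: null
+# To provide explicit credentials for the S3 gateway, set them under
+# the top-level s3.credentials key (not filer.s3.credentials).
+# The s3-secret.yaml template only reads from .Values.s3.credentials.
+# See: s3.credentials.admin.accessKey, s3.credentials.read.accessKey
 auditLogConfig: {}
 # You may specify buckets to be created during the install or upgrade process.
 # Buckets may be exposed publicly by setting `anonymousRead` to `true`
@@ -918,6 +922,16 @@ s3:
 # set to the name of an existing kubernetes Secret with the s3 json config file
 # should have a secret key called seaweedfs_s3_config with an inline json config
 existingConfigSecret: null
+# Optionally provide explicit credentials for the S3 gateway.
+# When set, these are used in the generated s3 secret instead of
+# auto-generating random credentials.
+# credentials:
+# admin:
+# accessKey: ""
+# secretKey: ""
+# read:
+# accessKey: ""
+# secretKey: ""
 auditLogConfig: {}
 # You may specify buckets to be created during the install or upgrade process.
 # Buckets may be exposed publicly by setting `anonymousRead` to `true`
@@ -1421,6 +1435,10 @@ allInOne:
 # Set to the name of an existing kubernetes Secret with the s3 json config file
 # should have a secret key called seaweedfs_s3_config with an inline json config
 existingConfigSecret: null
+# To provide explicit credentials for the S3 gateway, set them under
+# the top-level s3.credentials key (not allInOne.s3.credentials).
+# The s3-secret.yaml template only reads from .Values.s3.credentials.
+# See: s3.credentials.admin.accessKey, s3.credentials.read.accessKey
 auditLogConfig: null # S3 audit log configuration (null inherits from s3.auditLogConfig)
 # You may specify buckets to be created during the install process.
 # Buckets may be exposed publicly by setting `anonymousRead` to `true`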
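Review bot: The commented example added under `s3:` does not say that a pair takes effect only when both `accessKey` and `secretKey` are non-empty, and it gives no guidance on where these values end up. Credentials passed through values are typically kept in plaintext with the Helm release record and in any values file checked into version control, so the comment should steer users toward a values file kept out of the repository. Suggested additions to that comment block: `# Both accessKey and secretKey must be set for a pair; otherwise that pair is auto-generated.` and `# These values are stored with the Helm release; do not commit them to version control.`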
