Skip to content

Commit

Permalink
feat: add static auth configuration (#214)
Browse files Browse the repository at this point in the history
  • Loading branch information
daviderli614 authored Dec 12, 2024
1 parent 929b54b commit beb5168
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 7 deletions.
2 changes: 1 addition & 1 deletion charts/greptimedb-standalone/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: greptimedb-standalone
description: A Helm chart for deploying standalone greptimedb
type: application
version: 0.1.36
version: 0.1.37
appVersion: 0.11.0
home: https://github.com/GreptimeTeam/greptimedb
sources:
Expand Down
7 changes: 6 additions & 1 deletion charts/greptimedb-standalone/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

A Helm chart for deploying standalone greptimedb

![Version: 0.1.36](https://img.shields.io/badge/Version-0.1.36-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square)
![Version: 0.1.37](https://img.shields.io/badge/Version-0.1.37-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square)

## Source Code
- https://github.com/GreptimeTeam/greptimedb
Expand Down Expand Up @@ -53,6 +53,11 @@ helm uninstall greptimedb-standalone -n default
| affinity | object | `{}` | Affinity configuration for pod |
| annotations | object | `{}` | The annotations |
| args | list | `[]` | The container args |
| auth | object | `{"enabled":false,"fileName":"passwd","mountPath":"/etc/greptimedb/auth","users":[{"password":"admin","username":"admin"}]}` | The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/deployments/authentication/static). |
| auth.enabled | bool | `false` | Enable static auth |
| auth.fileName | string | `"passwd"` | The auth file name, the full path is `${mountPath}/${fileName}` |
| auth.mountPath | string | `"/etc/greptimedb/auth"` | The auth file path to store the auth info |
| auth.users | list | `[{"password":"admin","username":"admin"}]` | The users to be created in the auth file |
| command | list | `[]` | The container command |
| configToml | string | `"mode = 'standalone'\n"` | The extra configuration for greptimedb |
| dataHome | string | `"/data/greptimedb/"` | Storage root directory |
Expand Down
22 changes: 17 additions & 5 deletions charts/greptimedb-standalone/templates/statefulset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ spec:
args:
{{- if .Values.configToml }}
- "--config-file"
- "/etc/greptimedb/config.toml"
- "/etc/greptimedb/config/config.toml"
{{- end }}
{{- if .Values.dataHome }}
- "--data-home"
Expand All @@ -86,12 +86,16 @@ spec:
- containerPort: {{ .Values.postgresServicePort }}
name: postgres
protocol: TCP
{{- if .Values.env }}
{{- if or .Values.env .Values.auth.enabled }}
env:
{{- range $key, $val := .Values.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- if .Values.auth.enabled }}
- name: GREPTIMEDB_STANDALONE__USER_PROVIDER
value: "static_user_provider:file:{{ .Values.auth.mountPath }}/{{ .Values.auth.fileName }}"
{{- end }}
{{- end }}
{{- if .Values.objectStorage }}
{{- if .Values.objectStorage.credentials }}
Expand All @@ -113,7 +117,12 @@ spec:
mountPath: {{ .Values.persistence.mountPath }}
{{- if .Values.configToml }}
- name: config
mountPath: /etc/greptimedb
mountPath: /etc/greptimedb/config
readOnly: true
{{- end }}
{{- if .Values.auth.enabled }}
- name: auth
mountPath: {{ .Values.auth.mountPath }}
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
Expand All @@ -123,17 +132,20 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if or .Values.configToml .Values.extraVolumes }}
volumes:
{{- if .Values.configToml }}
- name: config
configMap:
name: {{ include "greptimedb-standalone.fullname" . }}-config
{{- end }}
{{- if .Values.auth.enabled }}
- name: auth
secret:
secretName: {{ include "greptimedb-standalone.fullname" . }}-users-auth
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
Expand Down
13 changes: 13 additions & 0 deletions charts/greptimedb-standalone/templates/users-auth-secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{{- if .Values.auth.enabled -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "greptimedb-standalone.fullname" . }}-users-auth
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
{{ .Values.auth.fileName }}: |
{{- range .Values.auth.users }}
{{ printf "%s=%s" .username .password }}
{{- end }}
{{- end }}
13 changes: 13 additions & 0 deletions charts/greptimedb-standalone/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -239,3 +239,16 @@ service:
type: ClusterIP
# -- Annotations for service
annotations: {}

# -- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/deployments/authentication/static).
auth:
# -- Enable static auth
enabled: false
# -- The auth file path to store the auth info
mountPath: "/etc/greptimedb/auth"
# -- The auth file name, the full path is `${mountPath}/${fileName}`
fileName: "passwd"
# -- The users to be created in the auth file
users:
- username: "admin"
password: "admin"

0 comments on commit beb5168

Please sign in to comment.