GeorgelPreput opened a new issue, #988:
URL: https://github.com/apache/apisix-helm-chart/issues/988

   Currently `apisix.vault.token` is taken verbatim from `values.yaml` and 
written in plaintext into the `apisix-<release>-config` ConfigMap:
   
   ```yaml
   # templates/configmap.yaml
   {{- if .Values.apisix.vault.enabled }}
   vault:
     host: {{ .Values.apisix.vault.host }}
     timeout: {{ .Values.apisix.vault.timeout }}
     token: {{ .Values.apisix.vault.token }}   # plaintext token into ConfigMap
     prefix: {{ .Values.apisix.vault.prefix }}
   {{- end }}
   ```
   
   There's no way to provide the Vault token via an existing Kubernetes Secret 
— it must live in `values.yaml` (and therefore in the Helm release / Rancher 
app config / git).
   
   The chart already offers a `secretName` option for the admin API credentials 
(`apisix.admin.credentials.secretName`). It would be helpful to have an 
equivalent for the Vault token, e.g.:
   
   ```yaml
   # values.yaml
   vault:
     enabled: false
     host: ""
     timeout: 10
     token: ""
     prefix: ""
     secretName: ""          # existing Secret containing the token
     secretKey: "token"     # key inside that Secret
   ```
   
   When `secretName` is set, the chart would source the token from that Secret 
rather than from the plaintext `token` field.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to