Skip to content

I
influxdb
Commit 0dc71663 authored by David McKay's avatar David McKay
Browse files
Options

chore: tls configuration of secret keys and resources for bootstrap job

parent ba8b0057
Hide whitespace changes
Inline Side-by-side
Showing with 43 additions and 17 deletions
charts/influxdb-enterprise/README.md
View file @ 0dc71663
# InfluxDB Enterprise # InfluxDB Enterprise
## QuickStart ## Quick Start
```bash ```bash
helm repo add influxdata https://helm.influxdata.com/ helm repo add influxdata https://helm.influxdata.com/
...@@ -11,7 +11,7 @@ helm upgrade --install influxdb influxdata/influxdb-enterprise --namespace monit ...@@ -11,7 +11,7 @@ helm upgrade --install influxdb influxdata/influxdb-enterprise --namespace monit
## Introduction ## Introduction
This chart bootstraps an InfluxDB Enterprise cluster, with a StatefulSet for both the Meta and Data nodes. This chart bootstraps an InfluxDB Enterprise cluster, with a StatefulSet for both the meta and data nodes.
## Prerequisites ## Prerequisites
...@@ -20,7 +20,15 @@ This chart bootstraps an InfluxDB Enterprise cluster, with a StatefulSet for bot ...@@ -20,7 +20,15 @@ This chart bootstraps an InfluxDB Enterprise cluster, with a StatefulSet for bot
### Secrets ### Secrets
This chart REQUIRES some mandatory secrets in-order to function. This chart requires the following secrets in order to function:
- License
- Shared Secret
Optionally, you can also provide secrets to enable:
- Authentication
- TLS
#### License #### License
...@@ -88,7 +96,8 @@ Otherwise, you need to provide a secret with the keys `tls.crt` and `tls.key`. A ...@@ -88,7 +96,8 @@ Otherwise, you need to provide a secret with the keys `tls.crt` and `tls.key`. A
```yaml ```yaml
meta: meta:
https: https:
secretName: my-tls-secret secret:
name: my-tls-secret
insecure: true # Only enable if your CA isn't trusted insecure: true # Only enable if your CA isn't trusted
``` ```
......
charts/influxdb-enterprise/templates/bootstrap-job.yaml
View file @ 0dc71663
...@@ -141,10 +141,5 @@ spec: ...@@ -141,10 +141,5 @@ spec:
args: args:
- "Bootstrap Success" - "Bootstrap Success"
resources: resources:
requests: {{ toYaml .Values.bootstrap.ddldml.resources | indent 12 }}
cpu: 100m
memory: 20Mi
limits:
cpu: 100m
memory: 20Mi
{{ end }} {{ end }}
charts/influxdb-enterprise/templates/data-statefulset.yaml
View file @ 0dc71663
...@@ -43,7 +43,14 @@ spec: ...@@ -43,7 +43,14 @@ spec:
{{- if .Values.data.https.useCertManager }} {{- if .Values.data.https.useCertManager }}
secretName: {{ include "influxdb-enterprise.fullname" . }}-data-tls secretName: {{ include "influxdb-enterprise.fullname" . }}-data-tls
{{ else }} {{ else }}
secretName: {{ .Values.data.https.secretName }} secretName: {{ .Values.data.https.secret.name }}
{{ if or .Values.data.https.secret.crt .Values.data.https.secret.key }}
items:
- key: {{ .Values.data.https.crt }}
path: tls.crt
- key: {{ .Values.data.https.key }}
path: tls.key
{{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}
containers: containers:
......
charts/influxdb-enterprise/templates/meta-statefulset.yaml
View file @ 0dc71663
...@@ -43,7 +43,14 @@ spec: ...@@ -43,7 +43,14 @@ spec:
{{- if .Values.meta.https.useCertManager }} {{- if .Values.meta.https.useCertManager }}
secretName: {{ include "influxdb-enterprise.fullname" . }}-meta-tls secretName: {{ include "influxdb-enterprise.fullname" . }}-meta-tls
{{ else }} {{ else }}
secretName: {{ .Values.meta.https.secretName }} secretName: {{ .Values.meta.https.secret.name }}
{{ if or .Values.meta.https.secret.crt .Values.meta.https.secret.key }}
items:
- key: {{ .Values.meta.https.crt }}
path: tls.crt
- key: {{ .Values.meta.https.key }}
path: tls.key
{{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}
containers: containers:
......
charts/influxdb-enterprise/values.yaml
View file @ 0dc71663
...@@ -6,11 +6,12 @@ nameOverride: "" ...@@ -6,11 +6,12 @@ nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
imagePullSecrets: [] imagePullSecrets: []
# License-key and license-path are mutually exclusive. Use only one and leave the other blank.
license: license:
# You can put your license key here for testing this chart out, # You can put your license key here for testing this chart out,
# but we STRONGLY recommend using a license file stored in a secret # but we STRONGLY recommend using a license file stored in a secret
# when you ship to production. # when you ship to production.
key: "fbe954a4-69c2-4b7e-bf69-cad2c2e5e6b9" # key: ""
# secret: # secret:
# name: license # name: license
# key: json # key: json
...@@ -40,6 +41,7 @@ bootstrap: ...@@ -40,6 +41,7 @@ bootstrap:
# to exist. # to exist.
ddldml: {} ddldml: {}
# configMap: ddl-dml # configMap: ddl-dml
# resources: {}
meta: meta:
replicas: 1 replicas: 1
...@@ -96,9 +98,12 @@ meta: ...@@ -96,9 +98,12 @@ meta:
enabled: true enabled: true
# The `useCertManager` option, when set to true, will # The `useCertManager` option, when set to true, will
# automatically create the certificate resources for you. # automatically create the certificate resources for you.
# You do not need to set the secretName when using this flag. # You do not need to set the secret.name when using this flag.
useCertManager: true useCertManager: true
# secretName: tls-secret secret:
name: tls-secret
# crt: tls.crt
# key: tls.key
insecure: true insecure: true
...@@ -145,7 +150,10 @@ data: ...@@ -145,7 +150,10 @@ data:
enabled: true enabled: true
# The `useCertManager` option, when set to true, will # The `useCertManager` option, when set to true, will
# automatically create the certificate resources for you. # automatically create the certificate resources for you.
# You do not need to set the secretName when using this flag. # You do not need to set the secret.name when using this flag.
useCertManager: true useCertManager: true
# secretName: tls-secret secret:
name: tls-secret
# crt: tls.crt
# key: tls.key
insecure: true insecure: true
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment