Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Allow use of config maps and secrets in plugin configs #1408

Closed
jnystad opened this issue Oct 26, 2022 · 4 comments · Fixed by #1486
Closed

feat: Allow use of config maps and secrets in plugin configs #1408

jnystad opened this issue Oct 26, 2022 · 4 comments · Fixed by #1486
Assignees
@An-DJ
Labels
help wanted Extra attention is needed triage/accepted Indicates an issue or PR is ready to be actively worked on.
Milestone
v1.6.0

Comments

@jnystad
Copy link

jnystad commented Oct 26, 2022

Hi there,

Some plugins require secrets in their configs (e.g. openid-connect with client_secret and session.secret), but there is no way of injecting this from a Kubernetes secret that I can see. Likewise, obtaining some values from config maps could be very useful.

This makes it hard to automate deployments when using apisix-ingress-controller without writing custom scripts to inject secrets at deploy time (which is not always possible or desirable, e.g. when using a Kustomize based workflow with standard tooling like ArgoCD).

Is there a plan to add support for this? For instance, with a preprocessing step of plugin configs or adding the option to refer to a config map/value or secret/value in any of the config values?
@tao12345666333
Copy link
Member

Do you want something similar to what we did with ApisixConsumer? With a secretRef item

apisix-ingress-controller/test/e2e/suite-plugins/suite-plugins-authentication/jwt.go

Lines 139 to 147 in b734af3

apiVersion: apisix.apache.org/v2beta3
kind: ApisixConsumer
metadata:
name: foo
spec:
authParameter:
jwtAuth:
secretRef:
name: jwt

@jnystad
Copy link
Author

jnystad commented Oct 26, 2022

Yes, please. And if you include the option to set secret key name as well, that would probably solve the most common use cases.

@tao12345666333 tao12345666333 added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed discuss labels Oct 27, 2022
@tao12345666333 tao12345666333 added the help wanted Extra attention is needed label Nov 21, 2022
@An-DJ
Copy link
Contributor

An-DJ commented Nov 27, 2022

I'd want to help to solve this. Could it be assigned to me? @tao12345666333

An-DJ added a commit to An-DJ/apisix-ingress-controller that referenced this issue Dec 4, 2022
@An-DJ
feat: support secret plugin config
4e4e700 
Config in ApisixRoute and ApisixPluginConfig can be stored into and referred from kubernetes secret

Close apache#1408
@An-DJ An-DJ mentioned this issue Dec 4, 2022
Merged
8 tasks
An-DJ added a commit to An-DJ/apisix-ingress-controller that referenced this issue Dec 6, 2022
@An-DJ
feat: remove secretRef of plugins.config in v2beta3
dd9e470 
* remove secretRef of plugins.config in v2beta3
* add key logs output
* add test case to validate the plugins config priority
* add the corresponding doc section

Close apache#1408
An-DJ added a commit to An-DJ/apisix-ingress-controller that referenced this issue Dec 6, 2022
@An-DJ
docs: add a blank line
b223b51 
Close apache#1408
An-DJ added a commit to An-DJ/apisix-ingress-controller that referenced this issue Dec 6, 2022
@An-DJ
docs: add a blank line before yaml
10d708d 
Close apache#1408
An-DJ added a commit to An-DJ/apisix-ingress-controller that referenced this issue Dec 6, 2022
@An-DJ
test: fix wrong service config error
c94db44 
Correct backend configs in networking/v1beta1 and extensions/v1beta1

Close apache#1408
Repository owner moved this from Todo to Done in Apache APISIX Ingress controller Dec 12, 2022
@tao12345666333 tao12345666333 added this to the v1.6.0 milestone Dec 12, 2022
@tao12345666333
Copy link
Member

@jnystad #1486 has been merged. It will be introduced in v1.6 version (this week)

@lpiob lpiob mentioned this issue Mar 12, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@An-DJ An-DJ

Labels
help wanted Extra attention is needed triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
Apache APISIX Ingress controller
Archived in project
Milestone
v1.6.0
Development

Successfully merging a pull request may close this issue.

feat: support secret plugin config An-DJ/apisix-ingress-controller
3 participants
@tao12345666333 @jnystad @An-DJ