feat: add ETCD dependency for api7 dashboard (#45)

Author: nic-chen

chart/api7-dashboard/Chart.lock

@@ -1,9 +1,12 @@
 dependencies:
+- name: etcd
+  repository: https://charts.bitnami.com/bitnami
+  version: 5.2.1
 - name: prometheus
   repository: https://prometheus-community.github.io/helm-charts
   version: 9.7.5
 - name: grafana
   repository: https://grafana.github.io/helm-charts
   version: 6.0.0
-digest: sha256:0b3f674fd91279a390c1752cb2b5d8b609578a8814df9dd536f0cb1c0aa9ee8b
-generated: "2021-11-18T14:27:32.795905+08:00"
+digest: sha256:3a48311c20e4406b0fc709edcc04bf7ae4bd0f24c516068a57870aef0e064db0
+generated: "2021-12-16T10:21:57.083452+08:00"

chart/api7-dashboard/Chart.yaml

@@ -26,6 +26,10 @@ maintainers:
   - email: [email protected]
     name: Chao Zhang
 dependencies:
+  - name: etcd
+    version: 5.2.1
+    repository: https://charts.bitnami.com/bitnami
+    condition: etcd.builtin
   - name: prometheus
     version: 9.0
     condition: prometheus.builtin

chart/api7-dashboard/README.md

@@ -26,25 +26,12 @@ kubectl create namespace api7
 
 Images for api7-dashboard is private and never should be uploaded to public image registries like [dockerhub](https://hub.docker.com), so make sure the image for api7-dashboard was stashed in a registry that can be accessed from the Kubernetes cluster.
 
-Also, as api7-dashboard is used to operate configurations for api7, so api7 and ETCD cluster should be installed before api7-dashboard, we assume that them were installed already, if not, please refer to [api7-chart](../api7/README.md).
-
 ```sh
-# api7-dashboard.yaml
-image:
-  registry: localhost:5000
-  repository: api7/api7-dashboard
-  tag: v2.1ee
-config:
-  clusters:
-    - name: cluster_1
-      etcd:
-        hosts:
-        - https://api7-etcd.api7.svc.cluster.local
-  selfEtcd:
-    hosts:
-    - https://api7-etcd.api7.svc.cluster.local
-
-helm install api7-dashboard . -n api7 --values api7-dashboard.yaml
+helm install api7-dashboard . -n api7 \
+  --set image.registry=apisixacr.azurecr.cn \
+  --set image.repository=api7-dashboard \
+  --set service.type=NodePort \
+  --set image.tag=2.7.2112
 ```
 
 When you execute the above command, change the registry, repository and tag according to your situation.

chart/api7-dashboard/templates/configmap.yaml

@@ -94,53 +94,27 @@ data:
           {{ end }}
         {{- end -}}
       {{- end }}
-      etcd_clusters:
-      {{ range .Values.config.clusters }}
-      {{- .name | indent 2 }}:
-          endpoints:
-          {{- range .etcd.hosts }}
-          - {{ . -}}
-          {{ end }}
-          prefix: {{ .etcd.prefix -}}
-          {{- if .etcd.auth.rbac.enabled }}
-          username: {{ .etcd.auth.rbac.user | quote }}
-          password: {{ .etcd.auth.rbac.password | quote }}
-          {{ end }}
-          {{- if .etcd.auth.tls.enabled }}
-          mtls:
-            key_file: "/usr/local/apisix-dashboard/{{ .name }}-etcd-ssl/{{ .etcd.auth.tls.certKeyFilename }}"
-            cert_file: "/usr/local/apisix-dashboard/{{ .name }}-etcd-ssl/{{ .etcd.auth.tls.certFilename }}"
-            ca_file: "/usr/local/apisix-dashboard/{{ .name }}-etcd-ssl/{{ .etcd.auth.tls.certCAFilename }}"
-          {{- end }}
-      {{ end }}
-        user_conf:
-          endpoints:
-          {{ range .Values.config.selfEtcd.hosts -}}
-          - {{ . }}
-          {{ end }}
-          prefix: {{ .Values.config.selfEtcd.prefix -}}
-          {{- if .Values.config.selfEtcd.auth.rbac.enabled }}
-          username: {{ .Values.config.selfEtcd.auth.rbac.user | quote }}
-          password: {{ .Values.config.selfEtcd.auth.rbac.password | quote }}
-          {{ end }}
-          {{- if .Values.config.selfEtcd.auth.tls.enabled }}
-          mtls:
-            key_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.config.selfEtcd.auth.tls.certKeyFilename }}"
-            cert_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.config.selfEtcd.auth.tls.certFilename }}"
-            ca_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.config.selfEtcd.auth.tls.certCAFilename }}"
-          {{- end }}
       etcd:
-        name: {{ .Values.config.selfEtcd.name }}
+        name: {{ .Values.etcd.name }}
+        {{- if .Values.etcd.builtin }}
         endpoints:
-        {{ range .Values.config.selfEtcd.hosts -}}
-        - {{ . }}
-        {{ end }}
-        prefix: {{ .Values.config.selfEtcd.prefix -}}
-        {{- if .Values.config.selfEtcd.auth.tls.enabled }}
+          - "http://{{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.etcd.service.port }}"
+        {{- else }}
+        endpoints:
+          {{- range $value := .Values.etcd.hosts }}
+          - "{{ $value }}"
+          {{- end }}
+        {{- end }}
+        {{- if .Values.etcd.auth.rbac.enabled }}
+        username: {{ .Values.etcd.auth.rbac.user | quote }}
+        password: {{ .Values.etcd.auth.rbac.password | quote }}
+        {{- end }}
+        prefix: {{ .Values.etcd.prefix -}}
+        {{- if .Values.etcd.auth.tls.enabled }}
         mtls:
-          key_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.config.selfEtcd.auth.tls.certKeyFilename }}"
-          cert_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.config.selfEtcd.auth.tls.certFilename }}"
-          ca_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.config.selfEtcd.auth.tls.certCAFilename }}"
+          key_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.etcd.auth.tls.certKeyFilename }}"
+          cert_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.etcd.auth.tls.certFilename }}"
+          ca_file: "/usr/local/apisix-dashboard/self-etcd-ssl/{{ .Values.etcd.auth.tls.certCAFilename }}"
         {{- end }}
       log:
         error_log:

chart/api7-dashboard/templates/deployment.yaml

@@ -81,7 +81,7 @@ spec:
               mountPath: "/usr/local/apisix-dashboard/{{ .name }}-etcd-ssl"
           {{- end }}
           {{- end }}
-          {{- if .Values.config.selfEtcd.auth.tls.enabled }}
+          {{- if .Values.etcd.auth.tls.enabled }}
             - name: self-etcd-ssl
               mountPath: "/usr/local/apisix-dashboard/self-etcd-ssl"
           {{- end }}
@@ -110,10 +110,10 @@ spec:
             secretName: {{ .etcd.auth.tls.existingSecret }}
         {{- end }}
         {{- end }}
-        {{- if .Values.config.selfEtcd.auth.tls.enabled }}
+        {{- if .Values.etcd.auth.tls.enabled }}
         - name: self-etcd-ssl
           secret:
-            secretName: {{ .Values.config.selfEtcd.auth.tls.existingSecret }}
+            secretName: {{ .Values.etcd.auth.tls.existingSecret }}
         {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:

chart/api7-dashboard/values.yaml

@@ -76,14 +76,48 @@ prometheus:
 grafana:
   builtin: true
 
+# etcd configuration
+# use the FQDN address or the IP of the etcd
+etcd:
+  # install etcd(v3) by default, set false if do not want to install etcd(v3) together,
+  # in such a case, etcd.host should be configured so that existing ETCD cluster can be
+  # used.
+  builtin: true
+  name: "default"
+  hosts:
+    - http://etcd.host:2379 # host or ip e.g. http://172.20.128.89:2379
+  prefix: "/api7"
+  timeout: 30
+  defaultPort: 2379
+  auth:
+    rbac:
+      # No authentication by default
+      enabled: false
+      ## etcd user
+      ##
+      user: ""
+      ## etcd password
+      ##
+      password: ""
+    # Whether to set up secure transport to ETCD cluster.
+    tls:
+      enalbed: false
+      # An existing secret stores the credentials to communicate with ETCD cluster.
+      existingSecret: ""
+      # Certificate filename used to communicate ETCD cluster.
+      certFilename: "tls.crt"
+      # Private key filename used to communicate ETCD cluster.
+      certKeyFilename: "tls.key"
+      certCAFilename: "ca.crt"
+      verify: true
+
 # api7-dashboard configurations
 config:
   # Key prefix used by api7-dashboard in ETCD cluster.
   allowList:
     - 127.0.0.0/24
   allowAdmin: []
   trustedProxies: []
-
   http:
     enabled: true
     servicePort: 9000
@@ -94,63 +128,13 @@ config:
     port: 9443
     secretName: ""
     mtls_enabled: true
-
-  # Multiple clusters configuration
-  clusters:
-    - name: cluster_1
-      etcd:
-        hosts: []
-        service:
-          port: 2379
-        auth:
-          rbac:
-            enabled: false
-            ## etcd user
-            ##
-            user: ""
-            ## etcd password
-            ##
-            password: ""
-          tls:
-            enabled: false
-            # Specify an existing secret with credentials for the communication with ETCD.
-            existingSecret: ""
-            certFilename: "tls.crt"
-            certKeyFilename: "tls.key"
-            certCAFilename: "ca.crt"
-        prefix: /api7
-  # selfEtcd configures the etcd cluster used to store
-  # metadata.
-  selfEtcd:
-    hosts: []
-    name: "default"
-    service:
-      port: 2379
-    auth:
-      rbac:
-        enabled: false
-        ## etcd user
-        ##
-        user: ""
-        ## etcd password
-        ##
-        password: ""
-      tls:
-        enabled: false
-        # Specify an existing secret with credentials for the communication with ETCD.
-        existingSecret: ""
-        certFilename: "tls.crt"
-        certKeyFilename: "tls.key"
-        certCAFilename: "ca.crt"
-      prefix: /api7
   k8sSupport:
     enable: true
     namespaces: ["*"]
     clusterDomain: "cluster.local"
     clusterRole: "services-lister"
     serviceAccount: "api7-account"
     clusterRoleBinding: "api7-services-account-binding"
-
   authentication:
     secret: "qwerty"
     expire_time: 3600     # jwt token expire time, in second
@@ -161,7 +145,6 @@ config:
     users:                # yamllint enable rule:comments-indentation
       - username: admin   # username and password for login `manager api`
         password: admin
-
   log:
     error_log:
       level: warn