-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Autogenerate random API Key with helm install if not passed #740
base: master
Are you sure you want to change the base?
Conversation
@@ -326,6 +326,8 @@ data: | |||
- name: "admin" | |||
{{- if .Values.apisix.admin.credentials.secretName }} | |||
key: ${{"{{"}}APISIX_ADMIN_KEY{{"}}"}} | |||
{{- else if eq .Values.apisix.admin.credentials.admin "" }} | |||
key: {{ randAlphaNum 32 }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How do users know the key? You need to add a prompt output.
Perhaps managing admin-key through a secret would be more appropriate.
What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this is in the confimap. Users can look at the configmap using kubectl to look at the key. Is there an issue there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can write how to get the key in the docs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have added that in the README against this particular key. https://github.com/apache/apisix-helm-chart/pull/740/files#diff-3169e4e147b847e17edc927d65d4aa9cb5db1a436d62acf059c166e898f9f3fdR46
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can add a prompt here.
https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/templates/NOTES.txt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it regenerated when upgrading the version?
This PR is part of the proposal which removes hardcoding of sensitive API keys by autogenerating them at either application level(APISIX) or deployment level(like helm chart.)