diff --git a/charts/openobserve-standalone/templates/openobserve-statefulset.yaml b/charts/openobserve-standalone/templates/openobserve-statefulset.yaml index bbead82..bae4bd3 100644 --- a/charts/openobserve-standalone/templates/openobserve-statefulset.yaml +++ b/charts/openobserve-standalone/templates/openobserve-statefulset.yaml @@ -86,6 +86,18 @@ spec: - secretRef: name: {{ include "openobserve.fullname" . }} env: + {{- if .Values.auth.existingRootUserSecret.name }} + - name: ZO_ROOT_USER_EMAIL + valueFrom: + secretKeyRef: + name: {{ .Values.auth.existingRootUserSecret.name }} + key: {{ .Values.auth.existingRootUserSecret.emailKey }} + - name: ZO_ROOT_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.auth.existingRootUserSecret.name }} + key: {{ .Values.auth.existingRootUserSecret.passwordKey }} + {{- end }} {{- with .Values.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/openobserve-standalone/templates/secret.yaml b/charts/openobserve-standalone/templates/secret.yaml index 6b3496a..1126ea6 100644 --- a/charts/openobserve-standalone/templates/secret.yaml +++ b/charts/openobserve-standalone/templates/secret.yaml @@ -10,9 +10,11 @@ metadata: {{- end }} type: Opaque stringData: + {{- if not .Values.auth.existingRootUserSecret.name }} ZO_ROOT_USER_EMAIL: "{{ .Values.auth.ZO_ROOT_USER_EMAIL }}" ZO_ROOT_USER_PASSWORD: "{{ .Values.auth.ZO_ROOT_USER_PASSWORD }}" ZO_ROOT_USER_TOKEN: "{{ .Values.auth.ZO_ROOT_USER_TOKEN }}" + {{- end }} {{- if not .Values.minio.enabled }} ZO_S3_ACCESS_KEY: "{{ .Values.auth.ZO_S3_ACCESS_KEY }}" {{- else }} @@ -31,4 +33,4 @@ stringData: AZURE_STORAGE_ACCOUNT_KEY: "{{ .Values.config.AZURE_STORAGE_ACCOUNT_KEY }}" AZURE_STORAGE_ACCOUNT_NAME: "{{ .Values.config.AZURE_STORAGE_ACCOUNT_NAME }}" {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/openobserve-standalone/templates/zplane-deployment.yaml b/charts/openobserve-standalone/templates/zplane-deployment.yaml index 6099365..051163a 100644 --- a/charts/openobserve-standalone/templates/zplane-deployment.yaml +++ b/charts/openobserve-standalone/templates/zplane-deployment.yaml @@ -51,9 +51,23 @@ spec: {{- toYaml .Values.zplane.resources | nindent 12 }} env: - name: ZPLANE_ZO_USERNAME - value: "{{ .Values.auth.ZO_ROOT_USER_EMAIL }}" + {{- if .Values.auth.existingRootUserSecret.name }} + valueFrom: + secretKeyRef: + name: {{ .Values.auth.existingRootUserSecret.name }} + key: {{ .Values.auth.existingRootUserSecret.emailKey }} + {{- else }} + value: {{ .Values.auth.ZO_ROOT_USER_EMAIL | quote }} + {{- end }} - name: ZPLANE_ZO_PASSWORD - value: "{{ .Values.auth.ZO_ROOT_USER_PASSWORD }}" + {{- if .Values.auth.existingRootUserSecret.name }} + valueFrom: + secretKeyRef: + name: {{ .Values.auth.existingRootUserSecret.name }} + key: {{ .Values.auth.existingRootUserSecret.passwordKey }} + {{- else }} + value: {{ .Values.auth.ZO_ROOT_USER_PASSWORD | quote }} + {{- end }} - name: ZPLANE_ZO_ENDPOINT value: "http://{{ include "openobserve.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.port }}" diff --git a/charts/openobserve-standalone/values.yaml b/charts/openobserve-standalone/values.yaml index d2524c4..fe83064 100644 --- a/charts/openobserve-standalone/values.yaml +++ b/charts/openobserve-standalone/values.yaml @@ -66,10 +66,22 @@ headless: # Credentials for authentication auth: + # Either specify root user credentials here, or use an existing secret. + + # OpenObserve root user email ZO_ROOT_USER_EMAIL: "root@example.com" + # OpenObserve root user password ZO_ROOT_USER_PASSWORD: "Complexpass#123" ZO_ROOT_USER_TOKEN: "" + existingRootUserSecret: + # Existing secret with OpenObserve root user credentials. + name: "" + # Email key to be retrieved from existing secret + emailKey: "ZO_ROOT_USER_EMAIL" + # Password key to be retrieved from existing secret + passwordKey: "ZO_ROOT_USER_PASSWORD" + # do not need to set this if enabled minio is being used. settings will be picked from minio section. Also IRSA is preferred if on EKS. Set the Service account section with the correct IAM role ARN. Refer https://zinc.dev/docs/guide/ha_deployment/#amazon-eks-s3 ZO_S3_ACCESS_KEY: "" ZO_S3_SECRET_KEY: ""