diff --git a/helm-charts/doris-operator/templates/deployment.yaml b/helm-charts/doris-operator/templates/deployment.yaml index faf9fee7..1e9ff492 100644 --- a/helm-charts/doris-operator/templates/deployment.yaml +++ b/helm-charts/doris-operator/templates/deployment.yaml @@ -141,3 +141,7 @@ spec: nodeSelector: {{- toYaml .Values.dorisOperator.nodeSelector | nindent 8 }} {{- end }} + {{- if .Values.dorisOperator.tolerations }} + tolerations: + {{- toYaml .Values.dorisOperator.tolerations | nindent 8 }} + {{- end }} diff --git a/helm-charts/doris-operator/values.yaml b/helm-charts/doris-operator/values.yaml index 2bf359c7..f5b7dce7 100644 --- a/helm-charts/doris-operator/values.yaml +++ b/helm-charts/doris-operator/values.yaml @@ -31,6 +31,12 @@ dorisOperator: # kubernetes.io/arch: amd64 # kubernetes.io/os: linux # app.kubernetes.node.name: "k8s-node1" + tolerations: [] + # tolerations for operator pod assignment + # - key: "example-key" + # operator: "Equal" + # value: "example-value" + # effect: "NoSchedule" resources: {} # resources used to specify compute resources, default is 2c 4Gi, the resource follow k8s requests and limits config.(https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) # requests: diff --git a/helm-charts/doris/README.md b/helm-charts/doris/README.md index dfda4090..36a556b2 100644 --- a/helm-charts/doris/README.md +++ b/helm-charts/doris/README.md @@ -55,6 +55,26 @@ Observe that the Pod of `doriscluster` is in the `Running` state and all contain doriscluster-helm-be-2 1/1 Running 0 16s ``` +## Authentication Options + +The chart supports three authentication methods (in order of precedence): +1. `adminUser` - Plain text credentials (not recommended) +2. `authSecret` - Helm creates a secret from base64 values +3. `authSecretName` - Reference an existing secret (recommended) + +### Using External Secret (Recommended) +```bash +# Create secret +kubectl create secret generic doris-auth \ + --type=kubernetes.io/basic-auth \ + --from-literal=username=root \ + --from-literal=password='your-password' + +# Reference in values.yaml +dorisCluster: + authSecretName: "doris-auth" +``` + ## Uninstall doriscluster Please confirm the Doris is not used, when using next command to uninstall `doriscluster`. ```bash diff --git a/helm-charts/doris/templates/doriscluster.yaml b/helm-charts/doris/templates/doriscluster.yaml index b681a566..4cec9a4b 100644 --- a/helm-charts/doris/templates/doriscluster.yaml +++ b/helm-charts/doris/templates/doriscluster.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml .Values.dorisCluster.adminUser | nindent 4 }} {{- else if .Values.dorisCluster.authSecret }} authSecret: {{ template "doriscluster.secret.name" . }} + {{- else if .Values.dorisCluster.authSecretName }} + # Reference an existing secret + authSecret: {{ .Values.dorisCluster.authSecretName }} {{- end }} feSpec: {{- if .Values.feSpec.annotations }} diff --git a/helm-charts/doris/values.yaml b/helm-charts/doris/values.yaml index 50a227e2..420fd601 100644 --- a/helm-charts/doris/values.yaml +++ b/helm-charts/doris/values.yaml @@ -34,7 +34,13 @@ dorisCluster: adminUser: {} # name: root # password: "12345" - # use authSecret can encrypt and save passwords, recommend this method + # Option 1: Reference an existing secret + # Use this when you have created a secret outside of this Helm chart + # Example: kubectl create secret generic doris-auth --type=kubernetes.io/basic-auth --from-literal=username=root --from-literal=password='your-password' + authSecretName: "" + # Example: authSecretName: "doris-auth" + + # Option 2: use authSecret can encrypt and save passwords # 1. run shell: echo -n '{your_password}' | base64 to get password base64 string # 2. run shell: echo -n '{your_user}' | base64 to get user base64 string # 3. Fill the encrypted string into the corresponding position