
feat: enable MTLS between dashboard and etcd

Open fengxsong opened this issue 3 years ago • 3 comments

When we deploy apisix with dashboard enabled into a low-load cluster, we prefer to reuse the existing etcd cluster, such as the one that is used by kube-apiserver, which has MTLS enabled by default. We need to make the dashboard chart support this configuration.

fengxsong avatar Oct 28 '22 09:10 fengxsong

Here is an example.

1. create generic secret first

```shell
$ kubectl create namespace ingress-apisix || true
$ kubectl -n ingress-apisix create secret generic kube-etcd-healthcheck-client --from-file=tls.crt=/etc/kubernetes/pki/etcd/healthcheck-client.crt --from-file=tls.key=/etc/kubernetes/pki/etcd/healthcheck-client.key --from-file=ca.crt=/etc/kubernetes/pki/etcd/ca.crt
```

2. custom values to apply to apisix chart

```yaml
dashboard:
  enabled: true
  config:
    conf:
      etcd:
        prefix: /apisix
        endpoints:
          - $ETCD_MEMBER_0:2379
          - $ETCD_MEMBER_1:2379
          - $ETCD_MEMBER_2:2379
        mtls:
          enabled: true
          existingSecret: kube-etcd-healthcheck-client
  ingress:
    enabled: true
    className: apisix
    hosts:
      - host: apisix-dashboard.httpbin.org
        paths: ["/*"]
etcd:
  auth:
    tls:
      certFilename: tls.crt
      certKeyFilename: tls.key
      enabled: true
      existingSecret: kube-etcd-healthcheck-client
      verify: true
      sni: "localhost"
  enabled: false
  host:
    - https://$ETCD_MEMBER_0:2379
    - https://$ETCD_MEMBER_1:2379
    - https://$ETCD_MEMBER_2:2379
  prefix: /apisix

gateway:
  tls:
    containerPort: 443
    enabled: true
    existingCASecret: kube-etcd-healthcheck-client
    certCAFilename: ca.crt
```

fengxsong avatar Oct 28 '22 09:10 fengxsong
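
A pre-flight check for the three files that go into the `kube-etcd-healthcheck-client` secret in the comment above, so that a mismatched key or a certificate not valid for client authentication is caught before the dashboard fails its etcd handshake. This is an added example, not part of the original issue or of the apisix chart; the function name `check_etcd_client_bundle`, its return codes and the 7-day expiry window are assumptions.

```shell
# Added example: validate tls.crt / tls.key / ca.crt before creating the secret.
# Usage (paths taken from the kubectl command in the comment above):
#   check_etcd_client_bundle /etc/kubernetes/pki/etcd/healthcheck-client.crt \
#       /etc/kubernetes/pki/etcd/healthcheck-client.key /etc/kubernetes/pki/etcd/ca.crt
# Returns 0 if the bundle is usable for mTLS, 1-3 for the first failed check.
check_etcd_client_bundle() {
  local crt="$1" key="$2" ca="$3"
  local pub_crt pub_key

  # 1. The certificate must chain to the CA etcd trusts AND be acceptable as a
  #    TLS client certificate (an extendedKeyUsage without clientAuth fails here).
  openssl verify -purpose sslclient -CAfile "$ca" "$crt" >/dev/null 2>&1 || {
    echo "FAIL: $crt does not chain to $ca or is not valid for client auth" >&2
    return 1
  }

  # 2. The private key must belong to the certificate: compare digests of the
  #    public key embedded in the cert and the one derived from the key file.
  pub_crt=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  pub_key=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$pub_crt" = "$pub_key" ] || {
    echo "FAIL: $key is not the private key for $crt" >&2
    return 2
  }

  # 3. The certificate must stay valid for at least 7 more days (assumed window),
  #    otherwise the dashboard would lose its etcd connection shortly after rollout.
  openssl x509 -in "$crt" -noout -checkend $((7 * 24 * 3600)) >/dev/null || {
    echo "FAIL: $crt expires within 7 days" >&2
    return 3
  }

  echo "OK: client bundle is consistent"
}
```
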

any updates?

fengxsong avatar Apr 20 '23 01:04 fengxsong

https://github.com/apache/apisix-helm-chart/pull/494 was merged

druggo avatar Aug 06 '23 05:08 druggo