Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Put passwords in secrets instead of configmaps #244

Open
vflaux opened this issue Apr 2, 2024 · 2 comments
Open

Put passwords in secrets instead of configmaps #244

vflaux opened this issue Apr 2, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@vflaux
Copy link

vflaux commented Apr 2, 2024

Bug report:

Redis & MySQL passwords are stored in Configmaps.

Expected behavior:

Password should be in Secrets.

How to reproduce it:

N/A

Environment:

  • Dragonfly version: N/A
  • OS: N/A
  • Kernel (e.g. uname -a): N/A
  • Others: N/A
@vflaux vflaux added the bug Something isn't working label Apr 2, 2024
@gaius-qi
Copy link
Member

gaius-qi commented Apr 2, 2024

I think it's a good idea, you can try to support it.

@vflaux vflaux changed the title Passwords in configmaps Put passwords in secrets instead of configmaps Apr 2, 2024
@andrewrothstein
Copy link

this change requires a change to how the manager handles secrets. both the secret and the not-secret configuration parameters are comingled in the config file for the manager. I see u rejected #246. perhaps u can add some color as to why. unless the underlying system supports reading the secrets from somewhere not comingled with the not-secrets, the whole configuration should be treated like a secret.

I was looking at the code for the manager. are you open to a PR that reads these secrets as overrides from environment variables rather than exclusively from the config file? that will allow us to bring the secrets from a k8s Secret into the environment of the manager pods without disrupting the existing usage pattern.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants