Skip to content

Using DB credentials in the configmap #266

Closed
@rfrozza

Description

@rfrozza

Hello team!
I'm creating the metrics-exporter-config.yaml as a configmap.
Maybe I need a small clarification, but is it mandatory to pass the below block?

## Database username
username: ${DB_USERNAME}
## Database password
password: ${DB_PASSWORD}
## Database connection url
url: ${DB_CONNECT_STRING}

I'm asking because I'm already using credentials in the deployment:

       - name: DB_HOST
          valueFrom:
            secretKeyRef:
              key: DB_HOST
              name: customer-monitoring-credentials-prod
              optional: false
        - name: DB_NAME
          valueFrom:
            secretKeyRef:
              key: DB_NAME
              name: customer-monitoring-credentials-prod
              optional: false
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: DB_PASS
              name: customer-monitoring-credentials-prod
              optional: false
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              key: DB_USER
              name: customer-monitoring-credentials-prod
              optional: false
        - name: DB_CONNECT_STRING
          value: $(DB_HOST):1521/$(DB_NAME)

And if creating the metrics-exporter-config.yamlas a configmap, the DB credentials will be in plain text.
Is using the parameter externalAuth: true the right option?

This is my current configmap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.customerName }}-exporter-configmap-{{ .Values.customerEnvironment }}
data:  
  metrics-exporter-config.yaml: |
    databases:
      {{ .Values.customerName }}-{{ .Values.customerProduct }}-{{ .Values.customerEnvironment }}:
        externalAuth: true
        queryTimeout: 10
        maxOpenConns: 10
        poolIncrement: 1
        poolMaxConnections: 10
        poolMinConnections: 1
    log:
      destination: /opt/alert.log
      interval: 15s
      disable: 1

Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions