New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve helm secrets template #8598
Conversation
rootPassword: example | ||
# custom secret values | ||
secret: | ||
rootPassword: null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Charts will no longer ship with a dev default value. It must be explicitly provided by the cluster owner if randomizedSecrets=false
else helm will error out because of this line
@@ -11,6 +11,7 @@ data: | |||
defaultRootPassword: {{ include "common.secrets.set" (dict | |||
"secret" $secretName | |||
"key" "defaultRootPassword" | |||
"default" .Values.node.defaultSecret.defaultRootPassword | |||
"randomDefault" .Values.global.randomizedSecrets |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MAYBE: it would be good to setup application level secret randomization
instead of global.randomizedSecrets.
it could be
.Values.global.node.randomizedSecrets
Where for example if users , need to set a custom secret only for syft container, they could do it easily.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could be done similarly for mongo, seaweedfs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm ... looks like it didn't get pushed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where for example if users , need to set a custom secret only for syft container, they could do it easily.
for that they can use what you had implemented, provide a custom Secret and use it through values.backend.secretKeyName
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well Done @yashgorana
Description
Part of https://github.com/OpenMined/Heartbeat/issues/1113
global.useDefaultSecrets
is changed toglobal.randomizedSecrets
.common.secrets.set
is should be a bit more clear when dealing with using generated passwords vs. default static passwordspackages/grid/helm/values.dev.yaml
which includes the dev secretsAffected Dependencies
List any dependencies that are required for this change.
How has this been tested?
Checklist