-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
admin hashes get regenerated on pod restart #7
Comments
Hmm, the source of truth for Are you thinking to use a PV to make |
It's not ideal but I think reusing a subpath of the existing db file PV would be simplest option, yes. The issue with inconsistent cookie auth between nodes is also only solved if the |
#26 provides a workaround by allowing users to specify a hash at deploy time |
The CouchDB Dockerfiles lay down an
[admins]
section in/opt/couchdb/etc/local.d/docker.ini
here. The Helm chart is currently configured such that/opt/couchdb/etc/default.d
is persistent but/opt/couchdb/etc/local.d
is not.This results in regeneration of the admin hashes whenever a CouchDB pod is restarted, invalidating any session cookies and leading to inconsistent auth failures with cookies are used.
I think the safest thing is likely to just make
/opt/couchdb/etc/local.d
persistent as well; the Dockerfile will already skip laying down a new[admins]
section if one is present.cc @kocolosk
The text was updated successfully, but these errors were encountered: