-
Notifications
You must be signed in to change notification settings - Fork 14
Do not make creating a secret for PostgreSQL a prerequisite #68
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The generated secret does not have own-runtime set, ie, when the backstage CR is deleted, the secret will NOT be removed. This prevents the secret from being re-created should the CR is deleted and then redeployed.
About this, I'm wondering if we should not delete the generated secret as well. Otherwise, we might end up with a lot of secrets, especially if I delete my CR, then rename it before applying it. The data in the secret is random, so I guess it should not be a problem to recreate it, no?
volumeMounts: | ||
- mountPath: /opt/app-root/src/dynamic-plugins-root | ||
name: dynamic-plugins-root | ||
db-statefulset.yaml: "apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm curious to know why we lost the previous formatting. It was much more legible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what happened to the code generator, seems like kustomize issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple notes:
I think, for the sake of consistency we need to take DB secret as a first class citizen object i.e:
- it has to have own (db-secret.yaml) default configuration and accordingly to be able to be overlayed with raw configuration
- (optionally if we decide so) it has to have dedicated Backstage CRD config (just secret name)
I do not think there are a lot of reasons to generate it, static initialization should be fine IMO (note it is a property of "local", namespace scoped Database, production is a different story)
Fair enough. Accepted. |
Agreed to use the same approach for the psql secret as other objects. Meanwhile, I think it is worthwhile to generate a random password instead of a default one. |
@jianrongzhang89 well, I am not against generating per se, it just looks like it may cost too much. |
IMO, it would make sense for the DB to have a random password value for each Backstage instance (for the reasons depicted in #63 (comment)). |
Also, if we do not generate the db password, users will be unable to use local psql db for production. Although they may use external db installations, I can image some smaller sized customers may simply want to use the local psql db instead. |
About using it for small group, I do not think it is directly related to the credential generation topic
What we propose for the case when one want to change the generated credentials? Like, ok, I go to sql server and change it (as you mentioned) but how I change the Secret if after first generation we consider it as not changeable and => ignore its changing? Or I missed something? |
@gazarenkov This is a good point. After the secret is generated, the user shall be able to change the passwords in the server, and then update the secret accordingly. Current implementation does not prevent the user from doing this as the secret gets generated only if it does not exist yet. |
We are talking about the case when Operator generates the secret right? |
In a case when secret is generated with default configuration and synchronized with operator, I do not think existence of secret is a good criteria to decide (indeed when you create CR with defaults, secret does not exist always). |
Yes, this was about the case when the secret was generated. I think deletion is now handled accordingly in this PR. External secrets are not deleted when the CR is deleted. |
…cret to authSecret
In such case, the user should be responsible to make sure the secret is correct. Also note that the secret may not already exist when the CR is created and the user may create it after the CR is already created. |
8001302
to
612297f
Compare
Description
Changes:
pointing to the secret reference with special name '{POSTGRESQL_SECRET}', a secret is auto generated, and the envFrom entry is updated to backstage-psql-secret-. Otherwise, we assume that the user has an existing secret provided and it will not be auto generated.
Which issue(s) does this PR fix or relate to
PR acceptance criteria
How to test changes / Special notes to the reviewer
a) Deploy the operator and the dummy backstage CR (examples/bs1.yaml).
b) Check that the psql db and backstage are running.
c) Check that a secret backstage-psql-secret- has been created.
d) Delete the backstage CR and check and confirm that the secret gets deleted.
e)deploy examples/bs-existing-secret.yaml and check the backstage and plsql db are using the existing secret used without generating a new one.