pod_environment_secret is not passed along to backup cronjob #1348
Comments
|
Same. I was wondering if it is possible to pass |
|
I've created a PR to address this issue. #2097 |
|
Possibly related (or duplicate): #2050 |
|
Closing as #2051 got merged |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
we are currently using the backup functionality of the operator, which creates a cronjob within kubernetes that regularly executes logical backups as described here
For this we can pass along logical_backup_s3_secret_access_key in order to provide access to the storage. However this is currently passed in a configmap which is insecure. We therefore tried to use the pod_environment_secret mechanism in order to mount a custom secret which holds the credentials necessary upload the backup to storage.
It turned out that the secrets configured with pod_environment_secret are only considered / mounted on the operator itself. They are not present on the cronjob created by the operator to do the backups. Which leaves the whole backup mechanism insecure in terms of credential management.
I would suggest to either consider the pod_environment_secret also for creating the cronjob or to introduce a new variable specifically used for the logical backup.
---> registry.opensource.zalan.do/acid/postgres-operator:v1.6.0
--> BugReport / feature request
The text was updated successfully, but these errors were encountered: