Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read InfluxDB credentials from a secret #280

Closed
jkhalack opened this issue Sep 30, 2019 · 0 comments · Fixed by #563
Closed

Read InfluxDB credentials from a secret #280

jkhalack opened this issue Sep 30, 2019 · 0 comments · Fixed by #563
Assignees
@anishakj
Labels
kind/enhancement Enhancement of an existing feature priority/P2 Slight inconvenience or annoyance to applications, system continues to function
Milestone
Pravega Operator ...

Comments

@jkhalack
Copy link

jkhalack commented Sep 30, 2019
edited
Loading

Description

Right now the only way to pass influxdb credentials to pravega (needed to store pravega metrics) is via pravega_options block of the custom pravegacluster resource.
As a result the above credentials are hanging around in plain text and are available via kubectl get pravegacluster -o yaml command.
It would be much better if pravega-operator had an option to take a name of the influxdb secret that holds the credentials (assuming that influxdb is deployed in the same namespace as pravega) and read the influxdb credentials from there.

Importance

Having the influxdb credentials in plain text in the CR poses significant security risk.

Location

https://github.com/pravega/pravega-operator/blob/master/pkg/apis/pravega/v1alpha1/pravega.go

Suggestions for an improvement

Add a new influxdb_secret spec to pravega spec, that would take the name of influxdb secret, read database credentials from the secret, then create

  • controller.metrics.influxDBUserName and controller.metrics.influxDBPassword options for pravega controller
  • metrics.influxDBUserName and metrics.influxDBPassword options for pravega segmentstore
@pbelgundi pbelgundi added kind/enhancement Enhancement of an existing feature Pravega 0.8.0 Fix by pravega 0.8.0 status/needs-investigation Further investigation is required priority/P2 Slight inconvenience or annoyance to applications, system continues to function and removed Pravega 0.8.0 Fix by pravega 0.8.0 labels May 6, 2020
@Ranganaths8 Ranganaths8 assigned SrishT and unassigned pbelgundi Oct 7, 2020
@SrishT SrishT mentioned this issue Jan 15, 2021
Closed
@medvedevigorek medvedevigorek added this to the Pravega Operator 0.5.5 milestone Jul 13, 2021
@anishakj anishakj mentioned this issue Jul 14, 2021
Merged
@SrishT SrishT assigned anishakj and unassigned SrishT Jul 14, 2021
@anishakj anishakj removed the status/needs-investigation Further investigation is required label Jul 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anishakj anishakj

Labels
kind/enhancement Enhancement of an existing feature priority/P2 Slight inconvenience or annoyance to applications, system continues to function
Projects
None yet
Milestone
Pravega Operator 0.5.5
Development

Successfully merging a pull request may close this issue.

Issue 280: Read InfluxDB credentials from a secret pravega/pravega-operator
5 participants
@SrishT @jkhalack @anishakj @pbelgundi @medvedevigorek