naimadswdn
commented
3 years ago Hey, did you have an occasion to take a look into that? :)
Closed naimadswdn closed 3 years ago
naimadswdn
commented
3 years ago Hey, did you have an occasion to take a look into that? :)
Antiarchitect
commented
3 years ago @naimadswdn Thank you for your input! Please see 0.21.0 release.
Thanks for last PR! Anyway, after I push it I realized that there is much better idea to implement. Currently (after PR, version 0.20.0) you still need to provide password as a plain text under values.yaml. This is to correctly generate secret-utils k8s secret with server.sh content.
This PR introduce new functionality -> you can provide password only from secret. No need of exposing password as plain text under values.yaml. When using existingSecret, environment variable is exposed under keydb container and used under server.sh definition.
Option with password as plain text under values.yaml is still valid and can be used.
Update: I believe we could release it under 0.20.1 version, as a fix/improvement of feature introduced under 0.20.0. Do you agree?
After that PR is merged, you will be able to use previously created secrets (like for example Sealed Secrets, which can be safety committed to public repo) for KeyDB container along with exporter container. No more fear of committing a plain text password to the repository.