NetApp / trident

Storage orchestrator for containers
Apache License 2.0

CRD tridentbackends reveals passwords #261

Closed wonderland closed 5 years ago

wonderland commented 5 years ago

With the new CRD implementation in 19.07, the password for accessing the ONTAP API is stored in cleartext and easily revealed to anyone with access to the trident namespace. This certainly isn't the best way to deal with passwords in k8s, and it is even worse than the previous approach, where the password was better hidden in Trident's own etcd. May I ask for either a more secure auth mechanism (certificates) or a more secure approach to storing the password?

Example:

```
$ kubectl describe tridentbackends -n trident
Name:         tbe-2l5t8
Namespace:    trident
Labels:
Annotations:
API Version:  trident.netapp.io/v1
Backend Name: svm_hland
Backend UUID: 6b6634e6-e63a-4b4c-b3eb-c8e206e79b3c
Config:

  Nfs Mount Options:
  Password:                     netapp-01
  Qtree Prune Flexvols Period:
  Storage Driver Name:          ontap-nas
```

clintonk commented 5 years ago

Thanks, @wonderland, we know. Part of why it's an alpha release. And if you have any feedback on snapshots or anything else in the alpha, we'd love to hear that, too.

wonderland commented 5 years ago

Great to hear that this is already taken care of. Will do some more testing and let you know of any feedback...
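
The exposure reported in the first comment can be checked for from the defender's side. The following is an added example, not part of the thread or of Trident's code: it walks the JSON form of the custom resources and reports the path of any credential-like field holding a non-empty string, without echoing the value. The sample object, its field names (`config`, `ontap_config`, `password`) and the key list are assumptions constructed from the describe output above.

```python
import json

# Key names treated as credential-bearing (an assumption; extend as needed).
SENSITIVE_KEYS = {"password", "secret", "secretkey", "token", "apikey", "privatekey"}

# Constructed sample shaped like `kubectl get tridentbackends -n trident -o json`.
# Field names are assumed from the describe output in the issue; the real CRD
# schema may nest them differently.
SAMPLE = json.loads("""
{"items": [{
  "apiVersion": "trident.netapp.io/v1",
  "kind": "TridentBackend",
  "metadata": {"name": "tbe-example", "namespace": "trident"},
  "backendName": "svm_example",
  "config": {"ontap_config": {"storageDriverName": "ontap-nas",
                              "username": "admin",
                              "password": "constructed-value",
                              "nfsMountOptions": ""}}
}]}
""")

def _normalize(key):
    """Fold case and separators so 'Secret_Key' and 'secretKey' compare equal."""
    return key.replace("_", "").replace("-", "").lower()

def find_cleartext(obj, path=""):
    """Yield JSON paths whose key looks like a credential and holds a non-empty string."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and _normalize(key) in SENSITIVE_KEYS:
                yield here
            else:
                yield from find_cleartext(value, here)
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from find_cleartext(value, f"{path}[{i}]")

def audit(resource_list):
    """Return (namespace/name, path) findings; values are never returned or printed."""
    findings = []
    for item in resource_list.get("items", []):
        meta = item.get("metadata", {})
        ident = f"{meta.get('namespace', '?')}/{meta.get('name', '?')}"
        findings += [(ident, p) for p in find_cleartext(item)]
    return findings

if __name__ == "__main__":
    for ident, path in audit(SAMPLE):
        print(f"{ident}: cleartext credential field at {path}")
```
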