Hardcoded credential when using AerospikeBackup CR

[mano1233]

When going over the aerospikebackup CR example. We are looking for a reference as to how we can inject the aerospike credential using a Kubernetes secret. The example has only hardcoded values - https://github.com/aerospike/aerospike-kubernetes-operator/blob/aa051f72de962287b9122006b87702a6614da423/config/samples/aerospikebackup.yaml#L17

In addition, when viewing the AerospikeBackupService CR, the example only shows how to add static AWS credentials and not how to use a Kubernetes service account connected to the AWS IAM role, as instructed by our security team.

https://github.com/aerospike/aerospike-kubernetes-operator/blob/aa051f72de962287b9122006b87702a6614da423/config/samples/aerospikebackupservice.yaml#L29-L34

Please advise on how to use the CR securely, In alignment with our internal requirements.

[sud82]

Hi @mano1233, We are going to document the above use case. I will let you know as soon as we have a doc.

[mano1233]

Thanks. Please let me know once the relevant documentation is available

[abhishekdwivedi3060]

Hi @mano1233, the doc is available here It has examples for both of your use-cases.

[mano1233]

Hey, In the reference about the IRSA example there is no field where you point to the relevant service account.

[abhishekdwivedi3060]

Hi, service account is not part of the CR. It is expected to be created manually with a specific name before deploying the Backup service. See this to create service account. See this to configure IRSA for the service account.

[mano1233]

Thanks for the references.