alexandrevilain / temporal-operator

Temporal Kubernetes Operator
https://temporal-operator.pages.dev/
Apache License 2.0

Expose temporal configuration in admintools #470

Open yujunz opened 1 year ago

yujunz commented 1 year ago

Particularly the store connections like

                    user: temporal_tok
                    password: '{{ .Env.TEMPORAL_DEFAULT_DATASTORE_PASSWORD }}'
                    pluginName: postgres12
                    databaseName: temporal_tok_aws_dev1
                    connectAddr: stage-postgres.uid.us-west-1.rds.amazonaws.com:5432

alexandrevilain commented 1 year ago

Hi @yujunz !

I'm not 100% sure about this feature request. My main concern is about security.
If no authentication is added to the temporal cluster, the admintools pod already has many rights. Adding database connection information would make the temporal cluster vulnerable in case of a security breach.

yujunz commented 1 year ago

IMHO, if someone can get access to admintools, other pods in the same namespace are likely accessible too. Database connection information can easily be retrieved from the worker pods. This is actually how I get them at the moment 😊