Support rotation of `capi.database.password` - Githubissues

cloudfoundry / cf-for-k8s

The open source deployment manifest for Cloud Foundry on Kubernetes

Apache License 2.0

300 stars 115 forks source link

Support rotation of `capi.database.password` #530

Open ericpromislow opened 3 years ago

ericpromislow commented 3 years ago

Describe the bug

This is in the category of supporting rotation of all credentials (https://www.pivotaltracker.com/story/show/175210100)

To Reproduce*

Steps to reproduce the behavior:

Deploy cf-for-k8s
Verify it works by pushing an app or running smoke tests
Change the value of capi.database.password in a values file.
Redeploy should fail.
kubectl logs -n cf-system cf-api-server-SUFFIX -c cf-api-server has a line like PG::ConnectionBad: FATAL: password authentication failed for user "cloud_controller"

Expected behavior

The password should be successfully rotated during upgrades, and deployment continues successfully.

cf-gitbot commented 3 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/175296202

The labels on this github issue will be updated when the story is started.