The Helm Chart generates a secret on Helm install containing the content of deploy.security.batch as well as credentials required by the monitoring endpoint. If deploy.security.batch is empty, then a default user "developer" is created. Both the "developer" user and the "monitor" user have a password value that is generated by Helm.
In order to prevent the generated password from being regenerated on calls to Helm Upgrade, the Secret is only generated if {{ .Release.IsInstall}}. Consequently, attempts to update deploy.security.batch on upgrade will be ignored as the old Secret is used.
In order to support the below workflow, we need to refactor how credentials are managed:
The Helm Chart generates a secret on Helm install containing the content of deploy.security.batch as well as credentials required by the monitoring endpoint. If deploy.security.batch is empty, then a default user "developer" is created. Both the "developer" user and the "monitor" user have a password value that is generated by Helm.
In order to prevent the generated password from being regenerated on calls to Helm Upgrade, the Secret is only generated if {{ .Release.IsInstall}}. Consequently, attempts to update deploy.security.batch on upgrade will be ignored as the old Secret is used.
In order to support the below workflow, we need to refactor how credentials are managed:
1.helm install -n helm datagrid . --set deploy.security.batch="user create djavan -p originalPass"
also discussed: https://issues.redhat.com/browse/JDG-6015