Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes are at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q
Due to a security audit, I wanted to change the mongodb account to a much less privileged one, to follow the least-privilege approach. For that, I found out that I can change the mongodb account in the manifest https://github.com/litmuschaos/litmus/blob/3f8021f09b5b4aef7fce1495111c20c884673bdf/litmus-portal/cluster-k8s-manifest.yml#L827 . I created a read/write db account for the litmus db and used that instead. It looks like that is working. However, with that setup I ran into trouble when updating litmus.
Could you please change the installation scripts so that litmus creates a service account following the least-privilege approach and uses this database service account for the application? The root / DBA account will only be needed for installing updates, etc.
Hi @le-al, thank you for submitting this issue. We will have the option for user-defined values (service-account) for mongo-db in the helm chart in a future release.