opensearch-project / helm-charts

:wheel_of_dharma: A community repository for Helm Charts of OpenSearch Project.

https://opensearch.org/docs/latest/opensearch/install/helm/

Apache License 2.0

173 stars 234 forks source link

store opensearch-dashboards configs in Secret (#426) #430

Open rufdoSICKAG opened 1 year ago

rufdoSICKAG commented 1 year ago

opensearch_dashboards.yml contains values like opensearch.password or opensearch_security.openid.client_secret which should be stored in Secrets rather than ConfigMaps.

Description

Because opensearch_dashboards.yml may contain secret values like opensearch.password or opensearch_security.openid.client_secret, it should be stored as Secret rather than a ConfigMap. For comparison, the securityConfig in the opensearch chart is already stored as a Secret.

Issues Resolved

426

Check List

[x ] Commits are signed per the DCO using --signoff

For any changes to files within Helm chart directories:

[x ] Helm chart version bumped
[x ] Helm chart CHANGELOG.md updated to reflect change

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

ThoreKr commented 1 year ago

Should it then also be possible to provide your own secret? e.g. when handling values through flux it would be desireable to not store these secret values in the configmap of the chart values.

mustdiechik commented 1 year ago

@rufdoSICKAG could you also add metadata.annotation value to secret ? It will be convenient to use with vault webhook to modify secret.

rufdoSICKAG commented 1 year ago

@TheAlgo sorry for the late response. I added the requested change to the README now.

@ThoreKr @mustdiechik I think adding additional options should be handled in a separate PR after this change has been accepted.

bbarani commented 11 months ago

@TheAlgo @prudhvigodithi @peterzhuamazon Can we merge this PR?

prudhvigodithi commented 11 months ago

Hey @rufdoSICKAG, thanks for your contribution and patience, this change looks good to me, can you please fix the conflicts and we can merge this.

rufdoSICKAG commented 10 months ago

@prudhvigodithi I rebased my changes

TheAlgo commented 3 months ago

@prudhvigodithi can we merge this PR?

prudhvigodithi commented 3 months ago

@rufdoSICKAG can you please increment the chart version (as a patch release) and update the change-log ? Sample PR https://github.com/opensearch-project/helm-charts/pull/569/files Thanks @TheAlgo @peterzhuamazon

rufdoSICKAG commented 2 months ago

@prudhvigodithi wouldn't it make more sense if who every manages the next release would do that?! I mean, this PR is more then a year old, who knows how many release will happen until it will actually be merged. And each time the PR would have to be updated.