Open domdomegg opened 3 months ago
As an alternative, the upstream grafana chart generates a password when none is set, and documents how to fetch the generated password (https://grafana.com/docs/grafana/latest/setup-grafana/installation/helm/#access-grafana). That seems much more secure, so maybe the kube-prometheus-stack values could leave the default empty and reference/mirror the grafana helm chart documentation?
Is your feature request related to a problem ?
Multiple people have gotten confused by the default password set by kube-prometheus-stack (https://github.com/prometheus-operator/kube-prometheus/issues/2092, https://github.com/prometheus-community/helm-charts/issues/2444). I found this particularly confusing as the README links to Grafana instructions which suggest the default creds are admin/admin to get started, and nowhere in the docs (beyond digging into the Helm chart values) is a different default indicated.
Describe the solution you'd like.
Change the default
grafana.adminPassword
toadmin
.Describe alternatives you've considered.
Better publicise that the default password is actually
prom-operator
. However, this seems like being different for little benefit - the security benefit is negligible givenprom-operator
through this chart is likely already known by determined attackers as a preset password.Additional context.
No response