The default user is responsible for all the control plane operations, hence password rotation for this user is not well defined and has some glaring holes like the following.
Scenario One
Update the password for default user
Operator will immediately start using the password
All operator calls to the master and replicas will fail as the password does not propagate, unless there is a restart.
Scenario Two
Update the password for default user
Try to initiate a rolling restart of the Redis pods (manually)
Replication will fail as the master will have a different password (older) than the replicas (new password). This defeats the failover.
Scenario Three
Update the password for default user
Coordinating the password propagation and the application rollout is extremely difficult
Solution
Use ACL-based management of the default user.
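
One way ACL-based management can avoid the failures in the scenarios above, as an added example (not code from the operator or from the original post): a Redis ACL user can hold several passwords at once, so the new password is added on every node before the old one is removed. The function names, the `DRY_RUN` switch and the host arguments are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: overlap rotation of the Redis `default` user's password.
# Assumes Redis 6+ ACLs and passwords without whitespace; the node names
# passed in are whatever hosts the deployment uses.

# Send one command to one node. The password used to authenticate travels in
# REDISCLI_AUTH and the command on stdin, so no secret lands in argv.
# DRY_RUN=1 prints the step with secrets masked instead of running it.
run_on() {
  local host="$1" auth="$2" cmd="$3"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s: %s\n' "$host" "$cmd" | sed -E 's/([<>]|masterauth )[^ ]+/\1***/'
  else
    [ "$(printf '%s\n' "$cmd" | REDISCLI_AUTH="$auth" redis-cli -h "$host")" = OK ]
  fi
}

# rotate_default OLD NEW NODE...
rotate_default() {
  local old="$1" new="$2" node
  shift 2
  # Phase 1: every node accepts both passwords. ACL changes are not
  # replicated, so each node is updated individually.
  for node in "$@"; do
    run_on "$node" "$old" "ACL SETUSER default >$new" || return 1
  done
  # Phase 2: every node presents the new password when it syncs from a
  # master, whichever node holds that role after a failover.
  for node in "$@"; do
    run_on "$node" "$old" "CONFIG SET masterauth $new" || return 1
  done
  # The operator and application clients switch to the new password here;
  # the old one still works, so the order of that rollout does not matter.
  # Phase 3: retire the old password, authenticating with the new one.
  for node in "$@"; do
    run_on "$node" "$new" "ACL SETUSER default <$old" || return 1
  done
}
```

These are runtime changes only: the configuration the pods start from has to carry the new password as well, or a restarted pod comes back with the old one.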