spotahome / redis-operator

Redis Operator creates/configures/manages high availability redis with sentinel automatic failover atop Kubernetes.
Apache License 2.0

Password rotation of the default user. #568

Closed samof76 closed 1 year ago

samof76 commented 1 year ago

The default user is responsible for all the control plane operations, hence password rotation for this user is not well defined and has some glaring holes like the following.

Scenario One

  1. Update the password for default user
  2. Operator will immediately start using the password

All operator calls to the master and replicas will fail as the password does not propagate, unless there is a restart.

Scenario Two

  1. Update the password for default user
  2. Try to initiate a rolling restart of the Redis pods (manually)

Replication will fail as the master will have a different password (older) than the replicas (new password). This defeats the failover.

Scenario Three

  1. Update the password for default user

Coordinating the password propagation and the application rollout is extremely difficult.

Solution

Use ACL-based management of the default user.
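
One way ACLs can close the gaps in the three scenarios above, shown as an added example that is not part of the original issue or of redis-operator: Redis 6+ lets a user hold several passwords at once, so the new password can be accepted everywhere before anything starts presenting it. The function names, node names and passwords are assumptions made up for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not redis-operator code). Assumes Redis >= 6 ACLs and
# passwords without whitespace or quotes. All values below are constructed.

# Emit the Redis command for one rotation phase:
#   add    - accept the new password in addition to the old one
#   switch - present the new password when replicating from a master
#   retire - stop accepting the old password
rotation_cmds() {
  phase=$1; old=$2; new=$3
  case "$phase" in
    add)    printf 'ACL SETUSER default >%s\n' "$new" ;;
    switch) printf 'CONFIG SET masterauth %s\n' "$new" ;;
    retire) printf 'ACL SETUSER default <%s\n' "$old" ;;
    *)      echo "unknown phase: $phase" >&2; return 2 ;;
  esac
}

# Print "<node> <command>" for the whole rotation. Every node completes a
# phase before any node starts the next; the operator and application
# secrets are updated after "add" and before "retire", while both
# passwords are still accepted everywhere.
rotation_plan() {
  old=$1; new=$2; shift 2
  for phase in add switch retire; do
    for node in "$@"; do
      printf '%s %s\n' "$node" "$(rotation_cmds "$phase" "$old" "$new")"
    done
  done
}

# Apply one phase to one node. The command is sent on stdin and the
# credential through REDISCLI_AUTH, keeping both out of the process list.
apply_phase() {
  phase=$1; host=$2; port=$3; old=$4; new=$5
  auth=$old
  if [ "$phase" = retire ]; then auth=$new; fi
  rotation_cmds "$phase" "$old" "$new" |
    REDISCLI_AUTH=$auth redis-cli -h "$host" -p "$port"
}

# Dry run with constructed node names and passwords.
rotation_plan 'old-secret' 'new-secret' redis-0:6379 redis-1:6379 redis-2:6379
```

`ACL SETUSER` and `CONFIG SET` change the running server only, so the configuration the pods start with must carry the new password before the next restart.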

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 45 days with no activity.

github-actions[bot] commented 1 year ago

This issue was closed because it has been inactive for 14 days since being marked as stale.