Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove secrets from configmap.yaml #44

Open
julienkosinski opened this issue Mar 4, 2024 · 3 comments
Open

Remove secrets from configmap.yaml #44

julienkosinski opened this issue Mar 4, 2024 · 3 comments

Comments

@julienkosinski
Copy link

julienkosinski commented Mar 4, 2024
edited
Loading

Hello,

It seems that multiple secrets remains in the configmap.yaml. Here are some variables that seems to be secret to me, please correct me if I'm wrong.

What do you think about it?

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 21 in 01801e4

ZO_INTERNAL_GRPC_TOKEN: "{{ .Values.config.ZO_INTERNAL_GRPC_TOKEN }}"

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 31 in 01801e4

ZO_GRPC_ORG_HEADER_KEY: "{{ .Values.config.ZO_GRPC_ORG_HEADER_KEY }}"

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 32 in 01801e4

ZO_GRPC_STREAM_HEADER_KEY: "{{ .Values.config.ZO_GRPC_STREAM_HEADER_KEY }}"

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 46 in 01801e4

ZO_META_POSTGRES_DSN: "postgres://openobserve:{{ .Values.postgres.spec.password }}@{{ include "openobserve.fullname" . }}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable"

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 49 in 01801e4

ZO_META_POSTGRES_DSN: "{{ .Values.config.ZO_META_POSTGRES_DSN }}"

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 52 in 01801e4

ZO_META_MYSQL_DSN: "{{ .Values.config.ZO_META_MYSQL_DSN }}"

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 122 in 01801e4

ZO_ETCD_PASSWORD: "{{ .Values.config.ZO_ETCD_PASSWORD }}"

openobserve-helm-chart/charts/openobserve/templates/configmap.yaml

Line 165 in 01801e4

O2_DEX_CLIENT_SECRET: "{{ (index .Values.enterprise.dex.config.staticClients 0).secret }}"

Thank you very much.
@prabhatsharma
Copy link
Contributor

Thanks for pointing out variable @julienkosinski . These should definitely be in secrets. Others are not a problem.

ZO_META_POSTGRES_DSN
ZO_META_MYSQL_DSN
O2_DEX_CLIENT_SECRET

ETCD does not store any data and others are not secrets. We should definitely get the above moved to secrets.

@julienkosinski
Copy link
Author

Thank you @prabhatsharma for the clarification!

@julienkosinski
Copy link
Author

julienkosinski commented May 21, 2024
edited
Loading

So those need to be in the auth section so that they can also be used with the new externalSecret, am I right?
#45 (comment)

Maybe it would need a externalEnterpriseSecret for O2_DEX_CLIENT_SECRET, what do you think?

The new postgres section needs to be considered too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@julienkosinski @prabhatsharma