Does the keystore integration only allow a single secret? https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-es-secure-settings.html and https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-how-to-snapshot.html#k8s-secure-settings make it seem this way. The downside of this approach is that the user needs to recreate the secret every time they want to add or remove something to the keystore. Making this a list of secrets to mount and inject would make it a lot nicer.
There is no secret updating command. If you want to add a new file or something like that you first need to pull it down locally, convert it from base64, then manually create it again.
And any production use case cluster won’t be manually creating secrets, they will be syncing them from some kind of secret service (like we do with vault), where secrets might be coming from different sources and not fully contained within a single secret.
To be more specific, right now our use case is that we have a slack_token (used for watcher alerting) that comes from a single secret that is injected from vault for all clusters. Then we have GCS bucket credentials which differ per project that is cluster specific.
We could accept a list of secrets in the secureSettings section of the spec:
Quoting @Crazybus:
We could accept a list of secrets in the secureSettings section of the spec: