Support multiple secure settings secrets #1457

Closed
sebgl opened this issue Aug 2, 2019 · 0 comments · Fixed by #1627
Labels
>enhancement Enhancement of existing functionality

sebgl commented Aug 2, 2019

Quoting @Crazybus:

Does the keystore integration only allow a single secret? https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-es-secure-settings.html and https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-how-to-snapshot.html#k8s-secure-settings make it seem this way. The downside of this approach is that the user needs to recreate the secret every time they want to add or remove something to the keystore. Making this a list of secrets to mount and inject would make it a lot nicer.
There is no secret updating command. If you want to add a new file or something like that you first need to pull it down locally, convert it from base64, then manually create it again.
And any production use case cluster won’t be manually creating secrets, they will be syncing them from some kind of secret service (like we do with vault). Where secrets might be coming from different sources and not fully contained within a single secret.
To be more specific, right now our use case is that we have a slack_token (used for watcher alerting) that comes from a single secret that is injected from vault for all clusters. Then we have GCS bucket credentials which differ per project that is cluster specific.

We could accept a list of secrets in the secureSettings section of the spec:

spec:
  secureSettings:
  - secretName: your-secure-settings-secret
  - secretName: your-second-secure-settings-secret
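
One way an operator could fold the listed secrets into a single set of keystore entries, as an added example that is not code from this issue or from the cloud-on-k8s project. `NamedSecret`, `MergeSecureSettings`, the secret names and the fail-on-conflict rule are assumptions; only `slack_token` comes from the issue.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
)

// NamedSecret is a hypothetical stand-in for a Kubernetes Secret: name plus data.
type NamedSecret struct {
	Name string
	Data map[string][]byte
}

// MergeSecureSettings folds the listed secrets, in spec order, into one set of
// keystore entries. Assumption: a key defined in two secrets with different
// values is an error rather than a silent override, so a shared secret cannot
// be shadowed unnoticed by a cluster-specific one.
func MergeSecureSettings(secrets []NamedSecret) (map[string][]byte, error) {
	merged := map[string][]byte{}
	origin := map[string]string{} // setting key -> secret that first supplied it
	var conflicts []string
	for _, s := range secrets {
		for key, val := range s.Data {
			if prev, seen := merged[key]; seen {
				if !bytes.Equal(prev, val) {
					conflicts = append(conflicts,
						fmt.Sprintf("%s (%s vs %s)", key, origin[key], s.Name))
				}
				continue // identical duplicates are harmless
			}
			merged[key] = val
			origin[key] = s.Name
		}
	}
	if len(conflicts) > 0 {
		sort.Strings(conflicts) // map iteration order is random; keep the error stable
		return nil, fmt.Errorf("conflicting secure settings: %v", conflicts)
	}
	return merged, nil
}

func main() {
	// Constructed sample data mirroring the use case described in the issue.
	shared := NamedSecret{Name: "shared-watcher", Data: map[string][]byte{"slack_token": []byte("constructed-token")}}
	gcs := NamedSecret{Name: "cluster-gcs", Data: map[string][]byte{"gcs.client.default.credentials_file": []byte(`{"constructed":true}`)}}
	merged, err := MergeSecureSettings([]NamedSecret{shared, gcs})
	fmt.Println(len(merged), err)
}
```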