consensys / quorum-key-manager-helm Goto Github PK

Context:

helm version
version.BuildInfo{Version:"v3.4.0", GitCommit:"7090a89efc8a18f3d8178bf47d2462450349a004", GitTreeState:"clean", GoVersion:"go1.14.10"}

Hi ,

I'm trying to To install the chart with the release name qkm but I have the following issues:

helm install qkm helm-consensys/qkm 
Error: failed to download "helm-consensys/qkm" (hint: running `helm repo update` may help)

I tried the command helm repo update but I still have the error message.

Can you help me? please

In order to align with current and good practices I would like to have sensitive env vars in encrypted "existing" secrets.

https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/

Hi,

When I'm trying helm install qkm helm-consensys/quorumkeymanager and I got this :

Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [unknown object type "nil" in Secret.data.ca.crt, unknown object type "nil" in Secret.data.client.crt, unknown object type "nil" in Secret.data.client.key]

I have this, despite the fact that I provide the required certificates in my values.yaml...

I need help please.

Regards,

This issue has been reported by Ali.
As of today, when Ingress is enabled, service port number defaults to 80, which forces the chart user to override it to the appropriate 8080 value.

As this value is a well known and fixed one it should be set accordingly.

Summary / User Story

It is not recommended to use k8s secrets in a prod environment, a better solution would consist in havin secrets managed by a dedicated Vault or managed solution depending on the target cloud platform.

Pre-requisites

• Having stable deployments ready
• Having "sandbox" clusters available
• Having identified, categorized and qualified all sensitive data
• For each targeted cloud PF identify all possible solutions
• For each targeted cloud PF identify the best Vault solution

Technical Notes

• Links to architecture, documents

Business Value

Minimize Threats from insiders / increase overall security level

Acceptance Criteria

• Have at least one POC running for each possible cloud PF. (add list below on the go)
• Write technical / architecture documentation related to each and every solution
• Have helm and k8s charts updated accordingly

Within the template templates/init-migrate-hook.yaml, we currently create resources based on 2 different hook event. This difference cause the job to run without the secret created in a pre-install/pre-upgrade hook.

We should align the hook to fix the issue.