Comments (8)
np np, I'm putting together a PR that explains what I'm thinking.
from helm.
As a short term solution for this issue could we add a bypass to the ConfigMap and allow it to be written by hand in a k8s secret?
from helm.
@roberttmoon-wizehive I'm not sure what you mean here.
FlowForge needs to read all the values from a single `flowforge.yml` file. That is currently provided to the deployment from the ConfigMap.
If you can come up with a PR to the helm chart that moves to a Secret then I'll happily review it, but it will need to support upgrades.
from helm.
> If you can come up with a PR to the helm chart that moves to a Secret then I'll happily review it, but it will need to support upgrades.

How is that secret set? I don't see it in the helm charts.
from helm.
@roberttmoon-wizehive There is no secret, hence the issue...
from helm.
This is the secret it uses, but I don't know where it is created:
https://github.com/flowforge/helm/blob/main/helm/flowforge/templates/job-upgrade-db.yaml#L37-L41
There doesn't seem to be anything in the chart that creates the secret.
from helm.
Oh, it's from the postgresql chart.
from helm.
Ok, so I have looked over the db update script some more and it seems that the update only runs when you are using `fileStorage` and `localPostgres`.
My expectation would be that if you were bypassing the config builder in the helm chart to write your own from scratch as a Kubernetes secret then you would be beyond running postgres in your cluster.
The goal here is to provide a method (albeit not as user friendly as I would like) to secure the helm chart and make it safe to check in to a source control repository and be installed to your cluster with something like ArgoCD or Flux.
Additionally, I could add a validation to the chart.schema.json that prevents using the secrets with the `localPostgres`.
from helm.
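A check for the problem this thread is about (a whole config file, credentials included, rendered into a ConfigMap), as an added example that is not part of the thread or the FlowForge chart: it scans `kubectl get configmaps -o json` output for credential-looking lines inside ConfigMap data. The name patterns, the function name and the sample objects are assumptions constructed for illustration.

```python
import json
import re

# Heuristic name fragments for credential-like keys (assumed; tune for your config).
SENSITIVE = r"(?:password|passwd|secret|token|api[_-]?key)"
KEY_NAME = re.compile(SENSITIVE, re.I)
CRED_LINE = re.compile(r"^\s*([\w.-]*" + SENSITIVE + r"[\w.-]*)\s*[:=]\s*(\S.*)$", re.I)
# Connection URLs with inline credentials, e.g. scheme://user:pass@host
CRED_URL = re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)


def find_configmap_credentials(kubectl_json):
    """Scan `kubectl get configmaps -o json` output.

    Returns (namespace, name, data_key, line_no, reason) tuples; line_no 0
    means the data key itself has a credential-like name.
    """
    doc = json.loads(kubectl_json)
    findings = []
    for obj in doc.get("items", [doc]):  # a List, or a single object
        if obj.get("kind") != "ConfigMap":
            continue
        meta = obj.get("metadata", {})
        for key, value in (obj.get("data") or {}).items():
            where = (meta.get("namespace"), meta.get("name"), key)
            if KEY_NAME.search(key) and value.strip():
                findings.append(where + (0, key))
            # A data value is often a whole embedded config file: check every line.
            for n, line in enumerate(value.splitlines(), 1):
                m = CRED_LINE.match(line)
                if m and m.group(2).strip("'\" ") not in ("", "null", "~"):
                    findings.append(where + (n, m.group(1)))
                elif CRED_URL.search(line):
                    findings.append(where + (n, "url-credentials"))
    return findings


# Constructed sample; the file content is illustrative, not FlowForge's real format.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"namespace": "default", "name": "example-config"},
     "data": {"flowforge.yml": "port: 3000\ndb:\n  user: example\n  password: example-not-real\n",
              "DATABASE_URL": "postgres://app:example-not-real@db.example.internal/app"}},
    {"kind": "Secret", "metadata": {"namespace": "default", "name": "example-secret"},
     "data": {"password": "ZXhhbXBsZQ=="}},
]})

if __name__ == "__main__":
    for finding in find_configmap_credentials(SAMPLE):
        print(finding)
```

Objects of kind Secret are skipped on purpose: the check only reports credentials that ended up in ConfigMaps.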