With the current setup we end up spinning up a pod which has no authentication and then exposing it to the network (in a prod deployment, that'd be exposing it to the world at large).
So, we need to change the container workflow so that auth gets pre-configured:
Activity
10-Nov-24 11:33
assigned to @btasker
10-Nov-24 11:33
I think the logical way to handle the creds is to have the provisioning script generate a random password and push that into a k8s secret.
10-Nov-24 11:59
mentioned in commit 4755a13539d2428c97989561332daae792873292
Commit: 4755a13539d2428c97989561332daae792873292 Author: B Tasker Date: 2024-11-10T11:59:15.000+00:00Message
feat: generate a default admin password and mount as a secret in the pod (#2)
Note: this doesn't currently get consumed, that's coming next.
10-Nov-24 12:08
Actually, pre-config is a little easier because things changed between 1.8.10 and 1.11:
So, we don't need to dump anything into the config file, the pod can be brought up with auth enabled and then the user created
10-Nov-24 12:38
mentioned in commit 2de6b7796351627215ef1817e2f400ba8a9de833
Commit: 2de6b7796351627215ef1817e2f400ba8a9de833 Author: B Tasker Date: 2024-11-10T12:38:05.000+00:00Message
feat: set admin user and password (#2)
Turns out we didn't need a configmap at all, the containers init scripts support passing it through (rings a bell now I think of it)
10-Nov-24 12:39
mentioned in issue #1