added missing secrets on statefulset template #272
Conversation
phijojo
force-pushed
the
add-missing-secrets
branch
from
6ef1fe9 to
b9c70eb
Compare
…Jospeh <[email protected]> Signed-off-by: Phijo Joseph <[email protected]>
phijojo
force-pushed
the
add-missing-secrets
branch
from
b9c70eb to
2460922
Compare
|
From Comment #191 (comment) |
charts/opensearch/Chart.yaml
Outdated
| @@ -30,3 +30,5 @@ maintainers: | |||
| - name: peterzhuamazon | |||
| - name: prudhvigodithi | |||
| - name: TheAlgo | |||
| - name: phijojo | |||
There was a problem hiding this comment.
We wont be able to add you as a maintainer without going through the nomination process. Please refer to at maintainers.md guide to understand the process to become a maintainer.
There was a problem hiding this comment.
Good to know, thanks for sharing the document. I have removed my name from the maintainer's list.
Signed-off-by: Phijo Joseph <[email protected]>
| {{- if .Values.securityConfig.whitelistSecret }} | ||
| - name: whitelist | ||
| secret: | ||
| secretName: {{ .Values.securityConfig.whitelistSecret }} | ||
| {{- end }} |
There was a problem hiding this comment.
Shouldn't this be allowlist? https://opensearch.org/docs/latest/security-plugin/configuration/yaml/#allowlistyml
There was a problem hiding this comment.
Yes, it should be.
I have used 2.0.0 image, in which the securityadmin.sh doesn't check for allowlist.yml instead it's still using whitelist.yml.So I guess securityadmin.sh need a change before we use allowlist.yml.
| {{- if .Values.securityConfig.whitelistSecret }} | ||
| - mountPath: {{ .Values.securityConfig.path }}/whitelist.yml | ||
| name: whitelist | ||
| subPath: whitelist.yml | ||
| {{- end }} |
There was a problem hiding this comment.
Shouldn't this be allowlist? https://opensearch.org/docs/latest/security-plugin/configuration/yaml/#allowlistyml
There was a problem hiding this comment.
Yes, it should be.
I have used 2.0.0 image, in which the securityadmin.sh doesn't check for allowlist.yml instead it's still using whitelist.yml.So I guess securityadmin.sh need a change before we use allowlist.yml.
There was a problem hiding this comment.
@DandyDeveloper @prudhvigodithi @TheAlgo
I think it's a bug in securityadmin.sh. I have added a ticket for that opensearch-project/security#1879
I'll change whitelist.yml to allowlist.yml on this PR and will create another PR for 1.x.x to handle the whitelist.yml
|
Hey @DandyDeveloper and @phijojo we have |
Signed-off-by: Phijo Joseph <[email protected]>
There was a problem hiding this comment.
Changes looks good, the only thing I am not sure on the whitelist/allowlist thingy. I am fine with whatever @prudhvigodithi has suggested
| @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |||
| --- | |||
| ## [Unreleased] | |||
| ### Added | |||
| - Updated StatefulSet with node_dn.yml and whitelist.yml | |||
There was a problem hiding this comment.
Do you mind seeing the PR(s) before on updating the CHANGELOG?
There was a problem hiding this comment.
Sure, Do you want me to remove this from the current PR and submit a different one?
There was a problem hiding this comment.
Hey @phijojo please consider this as an example
https://github.com/opensearch-project/helm-charts/pull/250/files#diff-96471865d01149e108175156796718f7584b7d5fae730d0cb5dbd98426bcd801
|
@phijojo, please test by just keeping |
|
Hey since |
|
Hi @phijojo any progress to keep this PR going? |
|
Hi @phijojo @prudhvigodithi Any updates on this PR? |
|
Hey @phijojo I have converted this PR to draft, please let us know if this PR required and a valid scenario. |
|
Hey @phijojo closing this PR, please re-open if required. |
Signed-off-by: Phijo Jospeh [email protected]
Description
The Statefulset template is missing 2 secrets when adding individual secrets.
Issues Resolved
#191
Check List
For any changes to files within Helm chart directories:
CHANGELOG.mdupdated to reflect changeBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.