Comments (3)
Hi @sky29, thanks for writing in!
Could you share a bit more about what you're trying to achieve with Doppler and RabbitMQ?
from kubernetes-operator.
I want to change RabbitMQ default User's password, when I change it in Doppler.
Step by Step Process/Scenario:
-
I use Doppler to hold secrets (rabbitmq: default_user and default_password)
-
I am having my own helm chart to deploy rabbitmq in HA mode (with external pvc mounted at: /var/lib/rabbitmq/mnesia : to keep data safe while pod restart). IT is DIY kind of helm chart: https://github.com/rabbitmq/diy-kubernetes-examples
-
I have configmap that disables guest user (loopback_users.guest = false). I am injecting secrets in rabbitmq statefulset as environment variable (default_user, default_pass) ..... this all are working fine and I am able to login to rabbitmq management UI using doppler secrets.
-
Now I change the password in Doppler, which reloads rabbitmq deployment, but it doesn't change the password in rabbitmq database. It might be because I am using external PVC, which keeps old passwords. I didn't find any way to implement this step.
This issue is more on RabbitMQ side then Doppler.
They seems to have a solution for this using Hashicorp Vault: https://github.com/rabbitmq/default-user-credential-updater
but I don't think, it will work with other secret managers like doppler.
from kubernetes-operator.
Ah, I see! Thanks for walking me through that. Doppler doesn't support this kind of thing out-of-the-box today but there's almost certainly a way to make it work.
I haven't checked out this sidecar before but it looks like it's watching /etc/rabbitmq/conf.d/11-default_user.conf
for changes. If that's the case, you might be able to mount that file using volumeMounts
or write your own service which copies the username/password from Doppler into that volume.
from kubernetes-operator.
Related Issues (20)
- Random failure publishing new secrets on changes HOT 4
- Allow DopplerSecret to be deployed to other namespaces HOT 1
- recommended.yaml not available in latest HOT 4
- GCP GKE INFO logs are showing ERROR HOT 5
- Feature request: Service Account support HOT 1
- Forcing DopplerSecret objects to be created in operator namespace breaks namespace isolation HOT 6
- Is there an option to automatically create a new config if it's not found? HOT 1
- Strange double-deployment when doing helm deploy HOT 10
- "Cannot change existing managed secret type from Opaque to ." after upgrading to 1.4.0 HOT 3
- Manage CRDs via Helm HOT 1
- Configure resources for all containers HOT 1
- How to configure a "master token secret" HOT 6
- [Kubernetes] imagePullSecrets: unable to deploy HOT 2
- Set Loglevel HOT 4
- Reconcile algorithm overuses the Doppler API HOT 2
- Can't create managed secret for a project's root config HOT 1
- The operator should allow arbitrary string->string mappings for secrets HOT 2
- Helm Chart dependency `kube-rbac-proxy` deprecation warning HOT 1
- Support custom labels on created Secret HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-operator.